Security Group owner for Azure SPN

Vipal Gujrathi 0 Reputation points
2024-09-19T12:56:10.4333333+00:00

I would like to know if an Entra ID security group can be added as an owner to the Azure SPN.

If yes, does it require an Entra ID P1/P2 license? Can this be done via the portal or via the command line (CLI or PowerShell)?


2 answers

  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


  2. Sandeep G-MSFT 19,761 Reputation points Microsoft Employee
    2024-09-23T09:39:48.6766667+00:00

    @Vipal Gujrathi

    Thank you for posting this in Microsoft Q&A.

    I apologize for incorrect details provided initially.

    I have reviewed your ask and, as I understand it, you want to know if you can add a security group as an owner of a service principal in Entra ID.

    Currently this is not possible. Users can be owners of enterprise applications, but groups can't be assigned as owners.

    Hence, we do not have this option in the portal either.

    Once you register an application in Entra ID, a service principal gets created automatically under Enterprise applications.

    A user in Microsoft Entra ID is automatically added as an application owner when they register an application. The ownership of an enterprise application is assigned by default only when a user with no administrator roles creates a new application registration. In all other cases, ownership isn't assigned by default to an enterprise application.

    You can refer to the article below for the same:

    https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/overview-assign-app-owners

    However, you can provide your feedback in our Azure feedback portal. This portal is directly monitored by our PM team.

    https://feedback.azure.com/d365community/search/22920db1-ad25-ec11-b6e6-000d3a4f0789?q=SPN+owners

    Let us know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

