Role ID Purpose Description
Application.Read.All 9a5d68dd-52b0-4cc2-bd40-abcf44ac3a30 Read all applications Allows the app to read all applications and service principals without a signed-in user.
Application.ReadWrite.All 1bfefb4e-e0b5-418b-a88f-73c46d2cc8e9 Read and write all applications Allows the app to create, read, update and delete applications and service principals without a signed-in user. Does not allow management of consent grants.
Application.ReadWrite.OwnedBy 18a4783c-866b-4cc7-a460-3d5e5662c884 Manage apps that this app creates or owns Allows the app to create other applications, and fully manage those applications (read, update, update application secrets and delete), without a signed-in user. It cannot update any apps that it is not an owner of.

Updated: