From db1e2ebb5833801398084e4186bcc4a5b9c3313e Mon Sep 17 00:00:00 2001
From: ZH54321
Date: Fri, 8 Nov 2024 11:40:19 +0100
Subject: [PATCH] Add details about App Instance Property Lock
---
 .../src/components/HelpTexts/AZAddSecret/General.tsx | 6 ++++--
 .../src/components/HelpTexts/AZAddSecret/References.tsx | 6 ++++++
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZAddSecret/General.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZAddSecret/General.tsx
index b3498ce2ee..c1a44731b2 100644
--- a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZAddSecret/General.tsx
+++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZAddSecret/General.tsx
@@ -27,9 +27,11 @@ const General: FC = () => {
 When a principal has been granted "Cloud App Admin" or "App Admin" against the tenant, that principal
- gains the ability to add new secrets to all Service Principals and App Registrations. Additionally, a
+ gains the ability to add new secrets to all Service Principals* and App Registrations. Additionally, a
 principal that has been granted "Cloud App Admin" or "App Admin" against, or explicit ownership of a
- Service Principal or App Registration gains the ability to add secrets to that particular object.
+ Service Principal* or App Registration gains the ability to add secrets to that particular object.
+
+ * Secrets can only be added to the Service Principal if it is not protected by the "App instance property lock" configuration in the corresponding App Registration.
 );
diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZAddSecret/References.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZAddSecret/References.tsx
index b6d4c54752..5a2143a642 100644
--- a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZAddSecret/References.tsx
+++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZAddSecret/References.tsx
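Review bot: The footnote added at the end of the General.tsx help text describes the lock as a single on/off state, but as far as I know App instance property lock is configured per property set (all properties, credentials used for verification, credentials used for signing tokens, token encryption key ID). A Service Principal whose App Registration has the lock enabled without covering credential properties would then still accept new secrets, and a reader using this text to decide whether an AZAddSecret edge is a real exposure could wrongly dismiss it. I would word the footnote as `* Secrets can only be added to the Service Principal if the "App instance property lock" of the corresponding App Registration is disabled or does not cover credential properties.` It may also be worth saying outright that the lock does not protect the App Registration object itself, which the un-starred "App Registration" wording only implies. The General component starts and ends outside the hunk.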
@@ -37,6 +37,12 @@ const References: FC = () => {
 href='https://docs.microsoft.com/en-us/azure/active-directory/roles/assign-roles-different-scopes'>
 Assign Azure AD roles at different scopes
+
+ Protect Service Principals using App Instance Property Lock
+
 );
 };