Merge pull request #250279 from omondiatieno/owners-assign

v-ccolin · web-flow · commit 8f794149542d · 2023-09-05T11:31:05.000+01:00
assign owners - UI updates
diff --git a/articles/active-directory/manage-apps/assign-app-owners.md b/articles/active-directory/manage-apps/assign-app-owners.md
@@ -22,6 +22,12 @@ ms.custom: enterprise-apps
 
 An [owner of an enterprise application](overview-assign-app-owners.md) in Azure Active Directory (Azure AD) can manage the organization-specific configuration of the application, such as single sign-on, provisioning, and user assignments. An owner can also add or remove other owners. Unlike Global Administrators, owners can manage only the enterprise applications they own. In this article, you learn how to assign an owner of an application.
 
+## Prerequisites
+
+To add an enterprise application to your Azure AD tenant, you need:
+
+- An Azure AD user account. If you don't already have one, you can [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+- One of the following roles: Global Administrator, Cloud Application Administrator, or Application Administrator.
 [!INCLUDE [portal updates](../includes/portal-update.md)]
 
 ## Assign an owner
@@ -30,24 +36,27 @@ An [owner of an enterprise application](overview-assign-app-owners.md) in Azure
 
 To assign an owner to an enterprise application:
 
-1. Sign in to [your Azure AD organization](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview) with an account that is eligible for the **Application Administrator** role or the **Cloud Application Administrator** role for the organization.
-2. Select **Enterprise applications**, and then select the application that you want to add an owner to.
-3. Select **Owners**, and then select **Add** to get a list of user accounts that you can choose an owner from.
-4. Search for and select the user account that you want to be an owner of the application.
-5. Click **Select** to add the user account that you chose as an owner of the application.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator). 
+1. Browse to **Identity** > **Applications** > **Enterprise applications** > **All applications**.
+1. Select the application that you want to add an owner to.
+1. Select **Owners**, and then select **Add** to get a list of user accounts that you can choose an owner from.
+1. Search for and select the user account that you want to be an owner of the application.
+1. Select **Select** to add the user account that you chose as an owner of the application.
 
 :::zone-end
 
 :::zone pivot="ms-powershell"
 
 Use the following Microsoft Graph PowerShell cmdlet to add an owner to an enterprise application.
 
-You'll need to consent to the `Application.ReadWrite.All` permission.
+You need to sign in as at least a [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator) and consent to the `Application.ReadWrite.All` permission.
 
 In the following example, the user's object ID is 8afc02cb-4d62-4dba-b536-9f6d73e9be26 and the applicationId is 46e6adf4-a9cf-4b60-9390-0ba6fb00bf6b.
 
 ```powershell
-Import-Module Microsoft.Graph.Applications
+1. Connect-MgGraph -Scopes 'Application.ReadWrite.All'
+
+1. Import-Module Microsoft.Graph.Applications
 
 $params = @{
     "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/8afc02cb-4d62-4dba-b536-9f6d73e9be26"
@@ -59,9 +68,9 @@ New-MgServicePrincipalOwnerByRef -ServicePrincipalId '46e6adf4-a9cf-4b60-9390-0b
 
 :::zone pivot="ms-graph"
 
-To assign an owner to an application, sign in to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer) with one of the roles listed in the prerequisite section.
+To assign an owner to an application, sign in to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer) as at least a [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator).
 
-You'll need to consent to the `Application.ReadWrite.All` permission.
+You need to consent to the `Application.ReadWrite.All` permission.
 
 Run the following Microsoft Graph query to assign an owner to an application. You need the object ID of the user you want to assign the application to. In the following example, the user's object ID is 8afc02cb-4d62-4dba-b536-9f6d73e9be26 and the appId is 46e6adf4-a9cf-4b60-9390-0ba6fb00bf6b.
 
@@ -77,7 +86,7 @@ Content-Type: application/json
 :::zone-end
 
 > [!NOTE]
-> If the user setting **Restrict access to Azure AD administration portal** is set to `Yes`, non-admin users will not be able to use the Azure portal to manage the applications they own. For more information about the actions that can be performed on owned enterprise applications, see [Owned enterprise applications](../fundamentals/users-default-permissions.md#owned-enterprise-applications). 
+> If the user setting **Restrict access to Azure AD administration portal** is set to `Yes`, non-admin users aren't able to use the Microsoft Entra admin center to manage the applications they own. For more information about the actions that can be performed on owned enterprise applications, see [Owned enterprise applications](../fundamentals/users-default-permissions.md#owned-enterprise-applications). 
 
 ## Next steps
 
