Creating new Entra application using Bicep template doesn't work when using enterprise application service principal

[nezuko-cc]

Hi, I have a bicep template that creates an Entra application. It works when I am the one deploying it and the app would have my account as the owner.
However, what I really need is to have this Entra app creation integrated into Azure Managed Application. I think Azure Managed Application by default uses their own service principal (see below) to do all the resource creation.
But I got this error message "message": "{\"error\":{\"code\":\"BadRequest\",\"target\":\"/resources/entraApp\",\"message\":\"AppOnly OBO tokens not supported by target service. Graph client request id: 75247f85-fd1a-4137-8b25-89e6c4f97772. Graph request timestamp: 2024-11-12T22:02:41Z.\"}}"

I am wondering if the Entra app creation is supposed to work for non-user deployer like the SP of managed application?
If yes, is the SP missing some permission? If no, is there a suggested way to make Entra app creation integrated into CI/CD pipeline?

[dkershaw10]

@nezuko-cc This looks like it may be a different problem. I will get back to you shortly.

[dkershaw10]

@nezuko-cc It looks like you are a Microsoft employee - can you reach out to me over Teams please?