Our customer wants to use a service principal to generate new subscriptions, so that a malicious employee doesn't have owner access to newly created subscriptions. I already generated a service principal via CLI, but to make him an account owner in the ea-portal the principal needs an e-mailaddress which is of course not existing. I cannot make that service principal an account owner
I already tried to implement to scenario based on the following docs.microsoft.com-entries:
The generation of the service principal was done with:
az ad sp create-for-rbac --name %name_of_the_account%