...
A service principal named armorsa and display name Armor Service Account
A custom Azure role with the following permissions, scoped to the target subscriptions:
Microsoft.Authorization/policies/audit/action
Microsoft.Authorization/policies/auditIfNotExists/action
Microsoft.Authorization/policyAssignments/read
Microsoft.Authorization/policyAssignments/write
Microsoft.Authorization/policyAssignments/delete
Microsoft.Authorization/roleAssignments/delete
Microsoft.Authorization/roleAssignments/read
Microsoft.Authorization/roleAssignments/write
Microsoft.Insights/Workbooks/Read
Microsoft.Insights/Workbooks/Write
Microsoft.Insights/Workbooks/Delete
Microsoft.Insights/diagnosticSettings/read
Microsoft.Insights/diagnosticSettings/write
Microsoft.Insights/diagnosticSettings/delete
Microsoft.Logic/workflows/read
Microsoft.Logic/workflows/write
Microsoft.Logic/workflows/delete
Microsoft.Logic/workflows/triggers/listCallbackUrl/action
Microsoft.Logic/workflows/triggers/read
Microsoft.Logic/workflows/triggers/reset/action
Microsoft.Logic/workflows/triggers/run/action
Microsoft.Logic/workflows/triggers/setState/action
Microsoft.ManagedServices/operationStatuses/read
Microsoft.ManagedServices/registrationAssignments/read
Microsoft.ManagedServices/registrationAssignments/write
Microsoft.ManagedServices/registrationAssignments/delete
Microsoft.ManagedServices/registrationDefinitions/read
Microsoft.ManagedServices/registrationDefinitions/write
Microsoft.ManagedServices/registrationDefinitions/delete
Microsoft.OperationalInsights/workspaces/read
Microsoft.OperationalInsights/workspaces/write
Microsoft.OperationalInsights/workspaces/datasources/read
Microsoft.OperationalInsights/workspaces/datasources/write
Microsoft.OperationalInsights/workspaces/datasources/delete
Microsoft.OperationalInsights/workspaces/savedSearches/read
Microsoft.OperationalInsights/workspaces/savedSearches/write
Microsoft.OperationalInsights/workspaces/savedSearches/delete
Microsoft.OperationalInsights/workspaces/sharedKeys/action
Microsoft.OperationsManagement/solutions/read
Microsoft.OperationsManagement/solutions/write
Microsoft.Resources/deployments/read
Microsoft.Resources/deployments/write
Microsoft.Resources/deployments/delete
Microsoft.Resources/deployments/exportTemplate/action
Microsoft.Resources/deployments/operationstatuses/read
Microsoft.Resources/deployments/validate/action
Microsoft.Resources/subscriptions/resourceGroups/read
Microsoft.Resources/subscriptions/resourceGroups/write
Microsoft.Resources/subscriptions/resourcegroups/deployments/read
Microsoft.Resources/subscriptions/resourcegroups/deployments/write
Microsoft.Resources/subscriptions/resourcegroups/resources/read
Microsoft.SecurityInsights/alertRules/read
Microsoft.SecurityInsights/alertRules/write
Microsoft.SecurityInsights/alertRules/delete
Microsoft.SecurityInsights/alertRules/actions/read
Microsoft.SecurityInsights/alertRules/actions/write
Microsoft.SecurityInsights/alertRules/actions/delete
Microsoft.SecurityInsights/automationRules/read
Microsoft.SecurityInsights/automationRules/write
Microsoft.SecurityInsights/automationRules/delete
Microsoft.SecurityInsights/dataConnectors/read
Microsoft.SecurityInsights/dataConnectors/write
Microsoft.SecurityInsights/dataConnectors/delete
Microsoft.SecurityInsights/Watchlists/read
Microsoft.SecurityInsights/Watchlists/write
Microsoft.SecurityInsights/Watchlists/delete
*
Microsoft.Storage/storageAccounts/blobServices/read
Microsoft.Storage/storageAccounts/blobServices/write
Microsoft.Storage/storageAccounts/fileServices/read
Microsoft.Storage/storageAccounts/fileServices/write
Microsoft.Storage/storageAccounts/listkeys/action
Microsoft.Storage/storageAccounts/read
Microsoft.Storage/storageAccounts/write
Microsoft.Web/connections/Read
Microsoft.Web/connections/Write
Microsoft.Web/connections/Delete
Microsoft.Web/connections/Join/Action
Microsoft.Web/connections/Move/Action
Microsoft.Web/customApis/write
Microsoft.Web/customApis/join/action