Manual Service Account Creation
If you do not have the required Azure Active Directory permissions to create the role, have an Azure AD administrator create the following resources:
A service principal named
armorsaand display nameArmor Service AccountA custom azure role with the following permissions with a scope of the target subscriptions:
Microsoft.Authorization/policies/audit/actionMicrosoft.Authorization/policies/auditIfNotExists/actionMicrosoft.Authorization/policyAssignments/readMicrosoft.Authorization/policyAssignments/writeMicrosoft.Authorization/policyAssignments/deleteMicrosoft.Authorization/roleAssignments/deleteMicrosoft.Authorization/roleAssignments/readMicrosoft.Authorization/roleAssignments/writeMicrosoft.Insights/Workbooks/ReadMicrosoft.Insights/Workbooks/WriteMicrosoft.Insights/Workbooks/DeleteMicrosoft.Insights/diagnosticSettings/readMicrosoft.Insights/diagnosticSettings/writeMicrosoft.Insights/diagnosticSettings/deleteMicrosoft.Logic/workflows/readMicrosoft.Logic/workflows/writeMicrosoft.Logic/workflows/deleteMicrosoft.Logic/workflows/triggers/listCallbackUrl/actionMicrosoft.Logic/workflows/triggers/readMicrosoft.Logic/workflows/triggers/reset/actionMicrosoft.Logic/workflows/triggers/run/actionMicrosoft.Logic/workflows/triggers/setState/actionMicrosoft.ManagedServices/operationStatuses/readMicrosoft.ManagedServices/registrationAssignments/readMicrosoft.ManagedServices/registrationAssignments/writeMicrosoft.ManagedServices/registrationAssignments/deleteMicrosoft.ManagedServices/registrationDefinitions/readMicrosoft.ManagedServices/registrationDefinitions/writeMicrosoft.ManagedServices/registrationDefinitions/deleteMicrosoft.OperationalInsights/workspaces/readMicrosoft.OperationalInsights/workspaces/writeMicrosoft.OperationalInsights/workspaces/datasources/readMicrosoft.OperationalInsights/workspaces/datasources/writeMicrosoft.OperationalInsights/workspaces/datasources/deleteMicrosoft.OperationalInsights/workspaces/savedSearches/readMicrosoft.OperationalInsights/workspaces/savedSearches/writeMicrosoft.OperationalInsights/workspaces/savedSearches/deleteMicrosoft.OperationalInsights/workspaces/sharedKeys/actionMicrosoft.OperationsManagement/solutions/readMicrosoft.OperationsManagement/solutions/writeMicrosoft.Resources/deployments/readMicrosoft.Resources/deployments/writeMicrosoft.Resources/deployments/deleteMicrosoft.Resources/deployments/exportTemplate/actionMicrosoft.Resources/deployments/operationstatuses/readMicrosoft.Resources/deployments/validate/actionMicrosoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/writeMicrosoft.Resources/subscriptions/resourcegroups/deployments/readMicrosoft.Resources/subscriptions/resourcegroups/deployments/writeMicrosoft.Resources/subscriptions/resourcegroups/resources/readMicrosoft.SecurityInsights/alertRules/readMicrosoft.SecurityInsights/alertRules/writeMicrosoft.SecurityInsights/alertRules/deleteMicrosoft.SecurityInsights/alertRules/actions/readMicrosoft.SecurityInsights/alertRules/actions/writeMicrosoft.SecurityInsights/alertRules/actions/deleteMicrosoft.SecurityInsights/automationRules/readMicrosoft.SecurityInsights/automationRules/writeMicrosoft.SecurityInsights/automationRules/deleteMicrosoft.SecurityInsights/dataConnectors/readMicrosoft.SecurityInsights/dataConnectors/writeMicrosoft.SecurityInsights/dataConnectors/deleteMicrosoft.SecurityInsights/Watchlists/*Microsoft.Storage/storageAccounts/blobServices/readMicrosoft.Storage/storageAccounts/blobServices/writeMicrosoft.Storage/storageAccounts/fileServices/readMicrosoft.Storage/storageAccounts/fileServices/writeMicrosoft.Storage/storageAccounts/listkeys/actionMicrosoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/writeMicrosoft.Web/connections/ReadMicrosoft.Web/connections/WriteMicrosoft.Web/connections/DeleteMicrosoft.Web/connections/Join/ActionMicrosoft.Web/connections/Move/ActionMicrosoft.Web/customApis/writeMicrosoft.Web/customApis/join/action