The following are the permission sets required for the Microsoft Azure Active Directory application to work in CWS:
Microsoft.Network/networkWatchers/read
Microsoft.Network/networkWatchers/write
Microsoft.Network/networkWatchers/delete |
Microsoft.Network/networkWatchers/configureFlowLog/action |
Microsoft.Resources/subscriptions/resourceGroups/read
Microsoft.Resources/subscriptions/resourceGroups/write |
Microsoft.Network/virtualNetworks/read |
Microsoft.Network/virtualNetworks/subnets/read |
Microsoft.Network/networkSecurityGroups/read
Microsoft.Network/networkSecurityGroups/write |
Microsoft.Network/networkSecurityGroups/securityRules/read
Microsoft.Network/networkSecurityGroups/securityRules/write
Microsoft.Network/networkSecurityGroups/securityRules/delete |
Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read |
Microsoft.Storage/storageAccounts/read
Microsoft.Storage/storageAccounts/write |
Microsoft.Compute/virtualMachines/read |
Microsoft.Compute/virtualMachineScaleSets/read |
Microsoft.Network/networkInterfaces/read |
Microsoft.Network/publicIPAddresses/read |