Perms Azure AAD SCIM Resource System Config

Inventory data and required permissions include the following.

Applications, service principals and Conditional Access policies (Microsoft Graph permissions):

| Inventory Data | Least privileged permission | Higher privileged permissions |
|---|---|---|
| Azure Applications | Application.ReadWrite.OwnedBy | Application.ReadWrite.All, Directory.Read.All |
| Azure Application Templates | No additional permissions required | No additional permissions required |
| Conditional Access Policies | Policy.Read.All | No additional permissions required |
| Service Principals | Application.ReadWrite.OwnedBy | Application.ReadWrite.All, Directory.Read.All |
| Application Role Assignments for Service Principals | Directory.Read.All | Directory.ReadWrite.All |

Directory roles (Microsoft Graph permissions):

| Inventory Data | Least privileged permission | Higher privileged permissions |
|---|---|---|
| Azure Directory Roles | RoleManagement.Read.Directory | RoleManagement.ReadWrite.Directory, Directory.Read.All, Directory.ReadWrite.All |
| Azure Directory Role Templates | RoleManagement.Read.Directory | RoleManagement.ReadWrite.Directory, Directory.Read.All, Directory.ReadWrite.All |
| Azure Directory Role Members | RoleManagement.Read.Directory | RoleManagement.ReadWrite.Directory, Directory.Read.All, Directory.ReadWrite.All |

Subscribed SKUs (Microsoft Graph permissions):

| Inventory Data | Least privileged permission | Higher privileged permissions |
|---|---|---|
| Subscribed SKU | Organization.Read.All | Directory.Read.All, Organization.ReadWrite.All, Directory.ReadWrite.All |

Azure resources (Azure Resource Manager RBAC actions; these are granted through an Azure role assignment, not through Microsoft Graph):

| Inventory Data | Permission |
|---|---|
| Management Groups | Microsoft.Management/managementGroups/read |
| Subscriptions | Microsoft.Resources/subscriptions/read |
| Resource Groups | Microsoft.Resources/subscriptions/resourceGroups/read |
| RBAC Role Definitions | Microsoft.Authorization/roleDefinitions/read |
| Resources | Microsoft.Resources/subscriptions/resources/read |
| RBAC Role Assignments | Microsoft.Authorization/roleAssignments/read |
| Managed Identities | Microsoft.ManagedIdentity/userAssignedIdentities/read |
| Classic Administrators | Microsoft.Authorization/classicAdministrators/read |
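The built-in Reader role covers all of these actions through its `*/read` wildcard, but a custom role or a role with NotActions may not. The following added example (not code from the original page) checks a role definition against the eight read actions above using Azure RBAC matching rules: `*` matches any run of characters including `/`, comparison is case-insensitive, and an action is granted only if some Actions entry matches and no NotActions entry matches. The role definitions are constructed inline in the shape returned by `az role definition list` (trimmed to the `roleName` and `permissions` fields); the custom roles named "hypothetical" are not real Azure roles.

```python
import re

# ARM read actions required for each inventory item (from the table above).
REQUIRED_ACTIONS = {
    "Management Groups": "Microsoft.Management/managementGroups/read",
    "Subscriptions": "Microsoft.Resources/subscriptions/read",
    "Resource Groups": "Microsoft.Resources/subscriptions/resourceGroups/read",
    "RBAC Role Definitions": "Microsoft.Authorization/roleDefinitions/read",
    "Resources": "Microsoft.Resources/subscriptions/resources/read",
    "RBAC Role Assignments": "Microsoft.Authorization/roleAssignments/read",
    "Managed Identities": "Microsoft.ManagedIdentity/userAssignedIdentities/read",
    "Classic Administrators": "Microsoft.Authorization/classicAdministrators/read",
}


def action_matches(pattern, action):
    """Azure RBAC wildcard semantics: '*' matches any run of characters
    (including '/'), the match is case-insensitive and must cover the
    whole action string. A pattern without '*' is an exact match."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def role_allows(role, action):
    """True if, in some permissions block, an Actions entry matches the
    action and no NotActions entry matches it. NotActions narrow the
    grant of the same block; they are not deny rules."""
    for perm in role["permissions"]:
        allowed = any(action_matches(p, action) for p in perm.get("actions", []))
        excluded = any(action_matches(p, action) for p in perm.get("notActions", []))
        if allowed and not excluded:
            return True
    return False


def missing_actions(role):
    """Required actions (in table order) that the role does not grant."""
    return [a for a in REQUIRED_ACTIONS.values() if not role_allows(role, a)]


# Constructed sample role definitions (shape of `az role definition list`, trimmed).
# The built-in Reader role really is '*/read' with no NotActions.
READER_ROLE = {
    "roleName": "Reader",
    "permissions": [{"actions": ["*/read"], "notActions": []}],
}

# Hypothetical least-privilege custom role listing exactly the eight actions.
INVENTORY_ROLE = {
    "roleName": "Inventory Reader (hypothetical)",
    "permissions": [{"actions": list(REQUIRED_ACTIONS.values()), "notActions": []}],
}

# Hypothetical role whose NotActions silently remove the Authorization reads,
# so role definitions, role assignments and classic administrators are lost.
NARROWED_ROLE = {
    "roleName": "Narrowed Reader (hypothetical)",
    "permissions": [{"actions": ["*/read"], "notActions": ["Microsoft.Authorization/*"]}],
}

if __name__ == "__main__":
    for role in (READER_ROLE, INVENTORY_ROLE, NARROWED_ROLE):
        missing = missing_actions(role)
        print(f"{role['roleName']}: " + ("OK" if not missing else "missing " + ", ".join(missing)))
```

Feed the function the JSON of the role actually assigned to the inventory identity; a non-empty `missing_actions` result explains an incomplete inventory before anyone has to read the role definition by hand.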

Organization contacts (Microsoft Graph permissions):

| Inventory Data | Least privileged permission | Higher privileged permissions |
|---|---|---|
| Org Contact | Contacts.Read | Contacts.ReadWrite |

Directory role members (Microsoft Graph permissions):

| Inventory Data | Least privileged permission | Higher privileged permissions |
|---|---|---|
| Directory Role Members Scoped to Directory | RoleManagement.Read.Directory | Directory.Read.All, Directory.ReadWrite.All, RoleManagement.ReadWrite.Directory |
| Directory Role Members Scoped to Application | RoleManagement.Read.Directory | Directory.Read.All, Directory.ReadWrite.All, RoleManagement.ReadWrite.Directory |

Sign-in activity (Microsoft Graph permissions):

| Inventory Data | Permission |
|---|---|
| Azure Sign-In Activity | Reports.Read.All |
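A tenant that was set up with the "higher privileged" column (typically Directory.ReadWrite.All) will produce a complete inventory while holding far more than it needs. The following added example (not code from the original page) compares the Microsoft Graph application permissions actually granted to the inventory service principal with the tables above and produces a least-privilege plan: which read-only permissions to request so that every item is reachable through its least privileged permission, and which grants can then be revoked. It assumes that the comma-separated entries in the "Higher privileged permissions" column are independent alternatives (the page does not say they must be combined) and that the granted permissions are already resolved to their string values (the `value` of the matching appRole on the Microsoft Graph service principal). The sample grant set is constructed for the example.

```python
# Inventory items and the Microsoft Graph application permissions listed on this
# page: (least privileged permissions, higher privileged alternatives).
APP_PERMS = (["Application.ReadWrite.OwnedBy"], ["Application.ReadWrite.All", "Directory.Read.All"])
ROLE_PERMS = (["RoleManagement.Read.Directory"],
              ["RoleManagement.ReadWrite.Directory", "Directory.Read.All", "Directory.ReadWrite.All"])
REQUIREMENTS = {
    "Azure Applications": APP_PERMS,
    "Azure Application Templates": ([], []),
    "Conditional Access Policies": (["Policy.Read.All"], []),
    "Service Principals": APP_PERMS,
    "Application Role Assignments for Service Principals": (["Directory.Read.All"], ["Directory.ReadWrite.All"]),
    "Azure Directory Roles": ROLE_PERMS,
    "Azure Directory Role Templates": ROLE_PERMS,
    "Azure Directory Role Members": ROLE_PERMS,
    "Subscribed SKU": (["Organization.Read.All"],
                       ["Directory.Read.All", "Organization.ReadWrite.All", "Directory.ReadWrite.All"]),
    "Org Contact": (["Contacts.Read"], ["Contacts.ReadWrite"]),
    "Directory Role Members Scoped to Directory": ROLE_PERMS,
    "Directory Role Members Scoped to Application": ROLE_PERMS,
    "Azure Sign-In Activity": (["Reports.Read.All"], []),
}

# Every permission that is the least privileged choice for at least one item.
LEAST_PRIVILEGED = {p for least, _ in REQUIREMENTS.values() for p in least}


def classify(granted):
    """For each inventory item, report how the granted set reaches it:
    'least' (via its least privileged permission), 'higher' (only via a
    higher privileged alternative), 'missing', or 'none required'."""
    granted = set(granted)
    status = {}
    for item, (least, higher) in REQUIREMENTS.items():
        if not least and not higher:
            status[item] = "none required"
        elif granted & set(least):
            status[item] = "least"
        elif granted & set(higher):
            status[item] = "higher"
        else:
            status[item] = "missing"
    return status


def least_privilege_plan(granted):
    """Return (add, remove): least privileged permissions to request for items
    that are missing or only reachable via a higher privileged grant, and
    granted permissions that are not the least privileged choice for any item
    and can be revoked once the additions are in place."""
    granted = set(granted)
    status = classify(granted)
    add = set()
    for item, (least, _higher) in REQUIREMENTS.items():
        if status[item] in ("higher", "missing"):
            add.update(least)
    remove = granted - LEAST_PRIVILEGED
    return sorted(add), sorted(remove)


# Constructed sample: a service principal that was granted the broad directory
# write permission instead of the read-only ones the inventory needs.
SAMPLE_GRANTS = ["Application.ReadWrite.OwnedBy", "Directory.ReadWrite.All",
                 "Reports.Read.All", "Policy.Read.All"]

if __name__ == "__main__":
    for item, state in classify(SAMPLE_GRANTS).items():
        print(f"{state:14} {item}")
    add, remove = least_privilege_plan(SAMPLE_GRANTS)
    print("request:", ", ".join(add))
    print("revoke: ", ", ".join(remove))
```

Run the plan once, apply the additions, re-run the inventory, and only then revoke; applying the plan a second time to the adjusted grant set should return two empty lists, which is the check that the identity now holds exactly the least privileged column.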