-
Notifications
You must be signed in to change notification settings - Fork 73
Permission
timsto edited this page Aug 25, 2024
·
1 revision
There are two Options:
-
Run As User: Global Admin or Privilege Admin is required because an Restricted Management Administrative Unit will created. The Later Operations can be delegated to the "CA Administrator" + "CA_Admin" Group
-
Run As Workload Identity (App Registration or Managed Identity)
- "AdministrativeUnit.ReadWrite.All",
- "Agreement.Read.All",
- "Application.Read.All",
- "Group.ReadWrite.All",
- "Policy.Read.All",
- "Policy.ReadWrite.ConditionalAccess",
- "RoleManagement.ReadWrite.Directory"