Azure AD entities description (microsoft#896)

Added a description of the configuration of azure AD entities

closes microsoft#875

docs/AADEntitites.md

@@ -0,0 +1,44 @@
+# Azure Active Directory Entities
+This document describes the configuration of entities create in Azure AD by our [deployment script](../src/deployment/deploy.py)
+
+### OneFuzz Application Registration
+This is the registration of the OneFuzz instance.
+* name : `<instance_name>`
+* app roles
+    * _ManagedNode_
+        * value: ManagedNode
+        * Allowed Member types: Applications
+    * _CliClient_
+        * value: ManagedNode
+        * Allowed Member types: Applications
+* API Permissions
+    * _User.Read_ ([Microsoft Graph](https://docs.microsoft.com/en-us/graph/permissions-reference#user-permissions))
+* scope
+    * `user_impersonation`
+* Authorized application:
+    * OneFuzz CLI registration
+
+### Onefuzz Application Service Principal
+Service principal linked to the OneFuzz application registration.
+* name: `<instance_name>`
+* Application Id: `<OneFuzz Application registration app_id>`
+
+### OneFuzz CLI registration
+The registration for the command line interface.
+* name: `<instance_name>-cli`
+
+### OneFuzz CLI Service Principal
+Service principal linked to the OneFuzz CLI application registration.
+* name: `<instance_name>-cli`
+* Application Id: `<OneFuzz CLI registration app_id>`
+* User Assignment required: _true_
+* Permission
+    * _CliClient_ (from OneFuzz Application registration)
+
+### Managed Node Service Principal
+This entity is available after the first deployment. This is the service principal associated with the user-assigned managed identity `<instance_name>-<scaleset_id>`.
+
+* name: `<instance_name>-<scaleset_id>`
+* Service Principal
+    * Permission
+        * _ManagedNode_ (from OneFuzz Application registration)