The Azure cloud auto-join docs say:
When using tags the only permission needed is
Microsoft.Network/networkInterfaces.When using Virtual Machine Scale Sets the only role action needed is
Microsoft.Compute/virtualMachineScaleSets/*/read.
Microsoft.Network/networkInterfaces is not an assignable action, what is actually needed here? Microsoft.Network/networkInterfaces/read?
@tvon I think you’re on the right track here, have you by chance tested with the Microsoft.Network/networkInterfaces/read permission? I would expect that would work
Well, I haven’t tested it but it sounds reasonable.
I’m actually using the resource group + scale set method, but with this work I’m creating a role to grant the appropriate access and I figured I’d go ahead and provide a role for both methods.