@tvon I think you’re on the right track here, have you by chance tested with the Microsoft.Network/networkInterfaces/read permission? I would expect that would work
Well, I haven’t tested it but it sounds reasonable.
I’m actually using the resource group + scale set method, but with this work I’m creating a role to grant the appropriate access and I figured I’d go ahead and provide a role for both methods.