Permission - AlexFilipin/ConditionalAccess GitHub Wiki

There are two Options:

1. Run As User: Global Admin or Privilege Admin is required because an Restricted Management Administrative Unit will created. The Later Operations can be delegated to the "CA Administrator" + "CA_Admin" Group

2. Run As Workload Identity (App Registration or Managed Identity)

• "AdministrativeUnit.ReadWrite.All",
• "Agreement.Read.All",
• "Application.Read.All",
• "Group.ReadWrite.All",
• "Policy.Read.All",
• "Policy.ReadWrite.ConditionalAccess",
• "RoleManagement.ReadWrite.Directory"