Hoping someone can help on this that maybe did this already, I would like to confirm what access is required in Azure for access to all Azure IAAS servers within the clients Azure environment if i'm setting up a proxy and appliance server inside the clients Azure?
Do I have to setup a static group on Azure and a dynamic group on Azure and add the app registration account to this and then
create a rule to add the dynamic group to all azure IAAS servers? or is there another way to do this?
Also what level of access should this account have for each IAAS vm in azure, admin access?