This policy used to grant 'Virtual Machine Contributor' to the policy managed identity. That made sense to me since the purpose of the policy was to modify a field on virtual machines.
Now for some unexplained reason in the latest version (4.8.0) of the policy definition, this has been switched to 'Contributor', which is way too much power for the purpose.
I'd like an explanation as to why this was changed, please.
Policy definition ID: /providers/microsoft.authorization/policydefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15