Our current wording on the Basic blade regarding UAMI reads:
Select only one user-assigned managed identity that has (1) an Owner role or Contributor and User Access Administrator roles in the subscription, and (2) a Directory readers role in Azure AD.
@m-reza-rahman requests we temporarily suspend our respect for the principle of least privilege in the name of simplicity and change the wording to be:
Select only one user-assigned managed identity that has (1) the Owner role in the subscription, and (2) a Directory readers role in Azure AD.