How can I restrict which data NubOps retrieves from Azure?
When you create an app registration, you prevent NubOps from accessing data by only assigning the Reader role to the app registration on those subscriptions that you want to use NubOps with.
We recommend following the information security principle called "Least privilege" for all types of authorizations, meaning that you should only grant the privileges or permissions that are required for NubOps to perform the task that you want it to. When you create the app registration, select 'single tenant mode'. Also choose the "Application permissions" option since NubOps likely requires fewer permissions and privileges than your regular Microsoft work account has assigned to it. When using an app registration, NubOps does not use your user account credentials, which means that it is probable that you will see less in NubOps as compared to the Azure portal if you have adhered to the principle of "Least privileges".
We recommend following the information security principle called "Least privilege" for all types of authorizations, meaning that you should only grant the privileges or permissions that are required for NubOps to perform the task that you want it to. When you create the app registration, select 'single tenant mode'. Also choose the "Application permissions" option since NubOps likely requires fewer permissions and privileges than your regular Microsoft work account has assigned to it. When using an app registration, NubOps does not use your user account credentials, which means that it is probable that you will see less in NubOps as compared to the Azure portal if you have adhered to the principle of "Least privileges".
Updated on: 04/03/2025
Thank you!