Active Directory > User and Group Accounts
Determines whether user and group accounts should be read from the Azure Active Directory tenant.
Determines whether to connect to Azure Classic, when enabled the user must have additional permissions. For more information see the Granting Permissions to Azure section.
Network Security Groups > Default Security Rules
Determines whether the default (built-in) security rules should be read for network security groups.
Resource Groups > Automation Script
Determines whether the automation script template should be read for resource groups, when enabled a file is temporarily created on the machine running the Azure PowerShell cmdlets.
Resources (Common) > Alert Rules
Determines whether the alert rules should be read for resources.
Resources (Common) > Permissions
Determines whether the permissions should be read for resources.
Determines whether role definitions should be read for the tenant.
Storage Accounts > Keys
Determines whether the storage account keys should be read for the tenant.
When enabled the user must also have the Microsoft.Storage/storageAccounts/listKeys/action access right.
Virtual Machines > Default Public Settings Extensions
The names of the virtual machine extensions for which, by default, the public settings should be read.
Virtual Machines > Extensions Public Settings Mode
Determines whether public settings for virtual machine extensions should be read.
Virtual Machines > Specific Public Setting Extensions
The names of the extensions for which the public settings should be read.
Web Apps > Authentication Settings
Determines whether the authentication settings should be read for the web app.
Web Apps > Publishing Settings
Determines whether the site publishing settings should be read for the web app. This requires that the user has the "Microsoft.Web/sites/publishxml/action" permission which is provided by the Website Contributor built in role.