AzRoleAdvertizer

last sync: 2025-Jul-18 17:22:55 UTC

Monitoring Contributor

Azure BuiltIn RBAC Role definition

Name

Monitoring Contributor
Microsoft Learn

749f88d5-cbae-40b8-bcfc-e573ddc772fa

Description

Can read all monitoring data and update monitoring settings.

Category

Monitor
Microsoft Learn

CreatedOn

2016-09-21 19:21:08 UTC

UpdatedOn

2025-06-18 13:12:21 UTC

Permissions summary

Effective control plane and data plane operations: 7359 (unique operations)
•action: 41
•delete: 43
•read: 7225
•write: 50

Actions: 44
Resolved control plane operations from Actions: 7359
Effective control plane operations: 7359
•action: 41
•delete: 43
•read: 7225
•write: 50

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 9477

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3571

Actions

Operation	Description
*/read	wildcarded / no description
Microsoft.AlertsManagement/actionRules/*	wildcarded / no description
Microsoft.AlertsManagement/alerts/*	wildcarded / no description
Microsoft.AlertsManagement/alertsSummary/*	wildcarded / no description
Microsoft.AlertsManagement/investigations/*	wildcarded / no description
Microsoft.AlertsManagement/issues/*	wildcarded / no description
Microsoft.AlertsManagement/migrateFromSmartDetection/*	wildcarded / no description
Microsoft.AlertsManagement/prometheusRuleGroups/*	wildcarded / no description
Microsoft.AlertsManagement/smartDetectorAlertRules/*	wildcarded / no description
Microsoft.AlertsManagement/smartGroups/*	wildcarded / no description
Microsoft.Insights/actiongroups/*	wildcarded / no description
Microsoft.Insights/activityLogAlerts/*	wildcarded / no description
Microsoft.Insights/AlertRules/*	wildcarded / no description
Microsoft.Insights/components/*	wildcarded / no description
Microsoft.Insights/createNotifications/*	wildcarded / no description
Microsoft.Insights/dataCollectionEndpoints/*	wildcarded / no description
Microsoft.Insights/dataCollectionRuleAssociations/*	wildcarded / no description
Microsoft.Insights/dataCollectionRules/*	wildcarded / no description
Microsoft.Insights/DiagnosticSettings/*	wildcarded / no description
Microsoft.Insights/eventtypes/*	wildcarded / no description
Microsoft.Insights/LogDefinitions/*	wildcarded / no description
Microsoft.Insights/metricalerts/*	wildcarded / no description
Microsoft.Insights/MetricDefinitions/*	wildcarded / no description
Microsoft.Insights/Metrics/*	wildcarded / no description
Microsoft.Insights/notificationStatus/*	wildcarded / no description
Microsoft.Insights/privateLinkScopeOperationStatuses/*	wildcarded / no description
Microsoft.Insights/privateLinkScopes/*	wildcarded / no description
Microsoft.Insights/Register/Action	Register the Microsoft Insights provider
Microsoft.Insights/scheduledqueryrules/*	wildcarded / no description
Microsoft.Insights/webtests/*	wildcarded / no description
Microsoft.Insights/workbooks/*	wildcarded / no description
Microsoft.Insights/workbooktemplates/*	wildcarded / no description
Microsoft.Monitor/accounts/*	wildcarded / no description
Microsoft.Monitor/investigations/*	wildcarded / no description
Microsoft.OperationalInsights/locations/workspaces/failover/action	Initiates workspace failover to replication location.
Microsoft.OperationalInsights/workspaces/failback/action	Initiates workspace failback.
Microsoft.OperationalInsights/workspaces/intelligencepacks/*	wildcarded / no description
Microsoft.OperationalInsights/workspaces/savedSearches/*	wildcarded / no description
Microsoft.OperationalInsights/workspaces/search/action	Executes a search query
Microsoft.OperationalInsights/workspaces/sharedKeys/action	Retrieves the shared keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace.
Microsoft.OperationalInsights/workspaces/sharedKeys/read	Retrieves the shared keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace.
Microsoft.OperationalInsights/workspaces/storageinsightconfigs/*	wildcarded / no description
Microsoft.OperationalInsights/workspaces/write	Creates a new workspace or links to an existing workspace by providing the customer id from the existing workspace.
Microsoft.Support/*	wildcarded / no description

NotActions

n/a

DataActions

n/a

NotDataActions

n/a

Used in
BuiltIn Policy

Policy DisplayName	Policy Id	Category	State
[Deprecated]: Configure Association to link Arc machines to default Microsoft Defender for Cloud Data Collection Rule	30f52897-df47-4ca0-81a8-a3be3e8dd226	Security Center	Deprecated
[Deprecated]: Configure Association to link Arc machines to user-defined Microsoft Defender for Cloud Data Collection Rule	c9ae938d-3d6f-4466-b7c3-351761d9c890	Security Center	Deprecated
[Deprecated]: Configure Association to link virtual machines to default Microsoft Defender for Cloud Data Collection Rule	a2ea54a3-9707-45e3-8230-bbda8309d17e	Security Center	Deprecated
[Deprecated]: Configure Association to link virtual machines to user-defined Microsoft Defender for Cloud Data Collection Rule	9c0aa188-e5fe-4569-8f74-b6e155624d9a	Security Center	Deprecated
[Deprecated]: Configure diagnostic settings for storage accounts to Log Analytics workspace	6f8f98a4-f108-47cb-8e98-91a0d85cd474	Storage	Deprecated
[Deprecated]: Deploy a VMInsights Data Collection Rule and Data Collection Rule Association for all the VMs in the Resource Group	a0f27bdc-5b15-4810-b81d-7c4df9df1a37	Monitoring	Deprecated
[Deprecated]: Deploy a VMInsights Data Collection Rule and Data Collection Rule Association for all the VMSS in the Resource Group	c7f3bf36-b807-4f18-82dc-f480ad713635	Monitoring	Deprecated
[Deprecated]: Deploy a VMInsights Data Collection Rule and Data Collection Rule Association for Arc Machines in the Resource Group	7c4214e9-ea57-487a-b38e-310ec09bc21d	Monitoring	Deprecated
Configure Arc-enabled Servers with SQL Server extension installed to enable or disable SQL best practices assessment.	f36de009-cacb-47b3-b936-9c4c9120d064	SQL Server	GA
Configure Arc-enabled SQL Servers with Data Collection Rule Association to Microsoft Defender for SQL DCR	cbdd12e1-193a-445c-9926-560118c6daaa	Security Center	GA
Configure Arc-enabled SQL Servers with Data Collection Rule Association to Microsoft Defender for SQL user-defined DCR	2227e1f1-23dd-4c3a-85a9-7024a401d8b2	Security Center	GA
Configure Azure Activity logs to stream to specified Log Analytics workspace	2465583e-4e78-4c15-b6be-a36cbc7c8b0f	Monitoring	GA
Configure diagnostic settings for Azure Databricks Workspaces to Log Analytics workspace	23057b42-ca8d-4aa0-a3dc-96a98b5b5a3d	Azure Databricks	GA
Configure diagnostic settings for Azure Machine Learning Workspaces to Log Analytics workspace	f59276f0-5740-4aaf-821d-45d185aa210e	Machine Learning	GA
Configure diagnostic settings for Azure Network Security Groups to Log Analytics workspace	98a2e215-5382-489e-bd29-32e7190a39ba	Network	GA
Configure diagnostic settings for Blob Services to Log Analytics workspace	b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb	Storage	GA
Configure diagnostic settings for container groups to Log Analytics workspace	41ebf9df-66cb-48e9-a8d0-98afb4e150ce	Container Instance	GA
Configure diagnostic settings for File Services to Log Analytics workspace	25a70cc8-2bd4-47f1-90b6-1478e4662c96	Storage	GA
Configure diagnostic settings for Queue Services to Log Analytics workspace	7bd000e3-37c7-4928-9f31-86c4b77c5c45	Storage	GA
Configure diagnostic settings for Storage Accounts to Log Analytics workspace	59759c62-9a22-4cdf-ae64-074495983fef	Storage	GA
Configure diagnostic settings for Table Services to Log Analytics workspace	2fb86bf3-d221-43d1-96d1-2434af34eaa0	Storage	GA
Configure Linux Arc Machines to be associated with a Data Collection Rule or a Data Collection Endpoint	d5c37ce1-5f52-4523-b949-f19bf945b73a	Monitoring	GA
Configure Linux Arc-enabled machines to be associated with a Data Collection Rule for ChangeTracking and Inventory	09a1f130-7697-42bc-8d84-8a9ea17e5192	ChangeTrackingAndInventory	GA
Configure Linux Machines to be associated with a Data Collection Rule or a Data Collection Endpoint	2ea82cdd-f2e8-4500-af75-67a2e084ca74	Monitoring	GA
Configure Linux Virtual Machine Scale Sets to be associated with a Data Collection Rule or a Data Collection Endpoint	050a90d5-7cce-483f-8f6c-0df462036dda	Monitoring	GA
Configure Linux Virtual Machines to be associated with a Data Collection Rule for ChangeTracking and Inventory	bef2d677-e829-492d-9a3d-f5a20fda818f	ChangeTrackingAndInventory	GA
Configure Linux Virtual Machines to be associated with a Data Collection Rule or a Data Collection Endpoint	58e891b9-ce13-4ac3-86e4-ac3e1f20cb07	Monitoring	GA
Configure Linux VMSS to be associated with a Data Collection Rule for ChangeTracking and Inventory	1142b015-2bd7-41e0-8645-a531afe09a1e	ChangeTrackingAndInventory	GA
Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL	ddca0ddc-4e9d-4bbb-92a1-f7c4dd7ef7ce	Security Center	GA
Configure Windows Arc Machines to be associated with a Data Collection Rule or a Data Collection Endpoint	c24c537f-2516-4c2f-aac5-2cd26baa3d26	Monitoring	GA
Configure Windows Arc-enabled machines to be associated with a Data Collection Rule for ChangeTracking and Inventory	ef9fe2ce-a588-4edd-829c-6247069dcfdb	ChangeTrackingAndInventory	GA
Configure Windows Machines to be associated with a Data Collection Rule or a Data Collection Endpoint	eab1f514-22e3-42e3-9a1f-e1dc9199355c	Monitoring	GA
Configure Windows Virtual Machine Scale Sets to be associated with a Data Collection Rule or a Data Collection Endpoint	0a3b9bf4-d30e-424a-af6b-9a93f6f78792	Monitoring	GA
Configure Windows Virtual Machines to be associated with a Data Collection Rule for ChangeTracking and Inventory	b6faa975-0add-4f35-8d1c-70bba45c4424	ChangeTrackingAndInventory	GA
Configure Windows Virtual Machines to be associated with a Data Collection Rule or a Data Collection Endpoint	244efd75-0d92-453c-b9a3-7d73ca36ed52	Monitoring	GA
Configure Windows VMSS to be associated with a Data Collection Rule for ChangeTracking and Inventory	8fd85785-1547-4a4a-bf90-d5483c9571c5	ChangeTrackingAndInventory	GA
Deploy - Configure diagnostic settings for Azure Key Vault to Log Analytics workspace	951af2fa-529b-416e-ab6e-066fd85ac459	Key Vault	GA
Deploy - Configure diagnostic settings for Azure Kubernetes Service to Log Analytics workspace	6c66c325-74c8-42fd-a286-a74b0e2939d8	Kubernetes	GA
Deploy - Configure diagnostic settings for SQL Databases to Log Analytics workspace	b79fa14e-238a-4c2d-b376-442ce508fc84	SQL	GA
Deploy - Configure diagnostic settings to a Log Analytics workspace to be enabled on Azure Key Vault Managed HSM	b3884c81-31aa-473d-a9bb-9466fe0ec2a0	Monitoring	GA
Deploy Diagnostic Settings for Batch Account to Log Analytics workspace	c84e5349-db6d-4769-805e-e14037dab9b5	Monitoring	GA
Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace	d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03	Monitoring	GA
Deploy Diagnostic Settings for Data Lake Storage Gen1 to Log Analytics workspace	25763a0a-5783-4f14-969e-79d4933eb74b	Monitoring	GA
Deploy Diagnostic Settings for Event Hub to Log Analytics workspace	1f6e93e8-6b31-41b1-83f6-36e449a42579	Monitoring	GA
Deploy Diagnostic Settings for Key Vault to Log Analytics workspace	bef3f64c-5290-43b7-85b0-9b254eef4c47	Monitoring	GA
Deploy Diagnostic Settings for Logic Apps to Log Analytics workspace	b889a06c-ec72-4b03-910a-cb169ee18721	Monitoring	GA
Deploy Diagnostic Settings for Network Security Groups	c9c29499-c1d1-4195-99bd-2ec9e3a9dc89	Monitoring	GA
Deploy Diagnostic Settings for PostgreSQL flexible servers to Log Analytics workspace	78ed47da-513e-41e9-a088-e829b373281d	PostgreSQL	GA
Deploy Diagnostic Settings for Recovery Services Vault to Log Analytics workspace for resource specific categories.	c717fb0c-d118-4c43-ab3d-ece30ac81fb3	Backup	GA
Deploy Diagnostic Settings for Search Services to Log Analytics workspace	08ba64b8-738f-4918-9686-730d2ed79c7d	Monitoring	GA
Deploy Diagnostic Settings for Service Bus to Log Analytics workspace	04d53d87-841c-4f23-8a5b-21564380b55e	Monitoring	GA
Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace	237e0f7e-b0e8-4ec4-ad46-8c12cb66d673	Monitoring	GA

History

Date/Time (UTC ymd) (i)	Change	Change detail
2025-06-18 17:23:19	change: DataActions	DataActions: 'remove Microsoft.OperationalInsights/workspaces/jobs/export/action'
2025-06-13 17:22:48	change: DataActions	DataActions: 'add Microsoft.OperationalInsights/workspaces/jobs/export/action'
2025-04-22 16:45:35	change: Actions	Actions: 'add Microsoft.AlertsManagement/issues/*'
2024-09-26 17:50:01	change: Actions	Actions: 'add Microsoft.OperationalInsights/workspaces/sharedKeys/read; add Microsoft.OperationalInsights/locations/workspaces/failover/action; add Microsoft.OperationalInsights/workspaces/failback/action'
2024-08-26 18:18:02	change: Actions	Actions: 'add Microsoft.Monitor/accounts/*'
2024-06-20 18:17:31	change: Actions	Actions: 'add Microsoft.AlertsManagement/prometheusRuleGroups/*'
2024-04-05 19:55:31	change: Actions	Actions: 'add Microsoft.Monitor/investigations/*'
2024-01-17 19:06:08	change: Actions	Actions: 'remove Microsoft.WorkloadMonitor/monitors/*'
2023-12-01 19:16:58	change: Actions	Actions: 'add Microsoft.AlertsManagement/investigations/*'
2022-09-06 17:33:15	change: DataActions	DataActions: 'remove microsoft.monitor/accounts/data/metrics/read'
2022-07-25 16:32:45	change: DataActions	DataActions: 'add microsoft.monitor/accounts/data/metrics/read'
2022-03-11 18:17:07	change: Actions	Actions: 'add Microsoft.Insights/createNotifications/; add Microsoft.Insights/notificationStatus/'
2022-03-08 17:46:41	change: Actions	Actions: 'add Microsoft.AlertsManagement/migrateFromSmartDetection/*'
2022-01-04 11:26:52	change: Actions	Actions: 'add Microsoft.Insights/workbooktemplates/*'
2021-11-08 16:50:39	change: Actions	Actions: 'add Microsoft.Insights/dataCollectionEndpoints/*'
2020-11-18 18:53:03	change: Actions	Actions: 'remove Microsoft.WorkloadMonitor/notificationSettings/*'

JSON

api-version=2023-07-01-preview

Condition

none