If you only want to detect virtual machines using device discovery, your Azure Application ID must have the Reader role. If you want not only to detect virtual machines, but also to deploy protection by means of the Azure API, your Azure Application ID must have the Virtual Machine Contributor role.
Follow the instructions on the Microsoft website to assign a role to your Azure Application ID.
Page top