Is there a list of definitive permissions published somewhere (Fall and Spring releases) detailing exactly what permissions are required for WVD, both from a provisioning- and operational point-of-view? I have a large high-security client where functions are separated, in other words, security is handled by a completely different team, projects by an unrelated project team who hands over to the operational teams.
In a previous deployment, using the Fall 2019 version, I was able to determine the following:
Security team to create RDS tenant as this will not be delegated,
RDS Contributor assigned to project team (which was the lowest supported permissions),
Microsoft.Network/virtualNetworks/WRITE permissions to join virtual machines to network (I think this related to an issue in the ARM template but is problematic),
Active Directory create computer object (or rather domain join) permissions,
Owner permission required to write captured images to the Shared Gallery.
My deployment stopped at the last point as the security team asked for a full list of all the permissions required as they are not able to entertain back-and-forth requests.