Overview
The Essential Mode provides Lucidity with read-only permissions to collect metadata required to perform an assessment. In this mode, Lucidity does not make any configuration changes to your Azure environment. No resources such as Log Analytics Workspaces, Data Collection Rules, or VM Insights extensions are created or modified.
Essential Mode enables Lucidity to securely gather VM and Disk metadata, disk utilization, and cost data to calculate optimization opportunities — without writing, modifying, or deleting any resources. This mode is ideal for customers who prefer a non-intrusive, observation-only assessment aligned with least-privilege principles.
For ease of setup, ensure that the Azure user or Service Principal running the assessment has Reader or equivalent custom permissions at the subscription level.
Permission Policy Statement
"permissions": [
  {
    "actions": [
      "Microsoft.CostManagement/query/read",
      "Microsoft.Authorization/roleAssignments/read",
      "Microsoft.Authorization/roleDefinitions/read",
      "Microsoft.Insights/Metrics/Read",
      "Microsoft.Insights/MetricDefinitions/Read",
      "Microsoft.Insights/Metricnamespaces/Read",
      "Microsoft.RecoveryServices/vaults/read",
      "Microsoft.RecoveryServices/vaults/replicationProtectedItems/read",
      "Microsoft.ContainerService/managedClusters/read",
      "Microsoft.ContainerService/managedClusters/agentPools/machines/read",
      "Microsoft.Compute/disks/read",
      "Microsoft.Compute/virtualMachineScaleSets/read",
      "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read",
      "Microsoft.Compute/virtualMachines/read",
      "Microsoft.Resources/subscriptions/resourceGroups/read",
      "Microsoft.Resources/deployments/operationstatuses/read",
      "Microsoft.Resources/deployments/operations/read",
      "Microsoft.Resources/deployments/read",
      "Microsoft.Insights/Logs/Read",
      "Microsoft.OperationalInsights/workspaces/query/InsightsMetrics/read",
      "Microsoft.OperationalInsights/workspaces/query/read",
      "Microsoft.Compute/virtualMachines/extensions/read",
      "Microsoft.Compute/virtualMachines/instanceView/read",
      "Microsoft.Insights/DataCollectionRuleAssociations/Read",
      "Microsoft.Insights/DataCollectionRules/Read",
      "Microsoft.OperationalInsights/workspaces/read",
      "Microsoft.OperationsManagement/managementAssociations/read",
      "Microsoft.OperationsManagement/managementConfigurations/read",
      "Microsoft.OperationsManagement/solutions/read",
      "Microsoft.Authorization/locks/read",
      "Microsoft.Compute/virtualMachines/runCommand/action",
      "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommand/action"
    ],
    "dataActions": [],
    "notActions": [],
    "notDataActions": []
  }
]
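A check a reviewer can run on a custom role before assigning it, added here as an example and not part of Lucidity's documentation: it reports every granted operation whose last segment is not `read`. The function names and the embedded role (a constructed subset of the statement above, wrapped in braces so it parses on its own) are assumptions of this example.

```python
import json

# Constructed sample: a subset of the permission statement above, wrapped in
# braces so it parses as standalone JSON.
SAMPLE_ROLE = """
{
  "permissions": [
    {
      "actions": [
        "Microsoft.CostManagement/query/read",
        "Microsoft.Insights/Metrics/Read",
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Compute/virtualMachines/runCommand/action",
        "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommand/action"
      ],
      "dataActions": [],
      "notActions": [],
      "notDataActions": []
    }
  ]
}
"""

def is_read_only(operation: str) -> bool:
    """True only if the operation's last path segment is 'read'.

    Azure operation names are case-insensitive ("Metrics/Read"). A trailing
    wildcard such as "Microsoft.Compute/*" can match write and action
    operations, so it is treated as not read-only.
    """
    return operation.strip().lower().rsplit("/", 1)[-1] == "read"

def non_read_operations(role: dict) -> list[str]:
    """Return every granted action or dataAction that is not a plain read.

    notActions and notDataActions are ignored on purpose: the result is a
    conservative list for a human to review, not an effective-permission
    calculation.
    """
    flagged = []
    for block in role.get("permissions", []):
        for key in ("actions", "dataActions"):
            flagged += [op for op in block.get(key, []) if not is_read_only(op)]
    return flagged

if __name__ == "__main__":
    for op in non_read_operations(json.loads(SAMPLE_ROLE)):
        print("review before granting:", op)
```

Run against the full statement above, the same check reports the two `runCommand/action` entries; every other entry ends in `/read`.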