avdaccelerator
[Documentation Issue] - Subscription level access or RG level access for AVD SP
Let us know the feedback or general question
From the AVD link - https://learn.microsoft.com/en-us/azure/virtual-desktop/autoscale-create-assign-scaling-plan?tabs=portal#assign-the-desktop-virtualization-power-on-off-contributor-role-with-the-azure-portal
More specifically: "Assigning this role at any level lower than your subscription, such as the resource group, host pool, or VM, will prevent autoscale from working properly."
After running the accelerator, we noticed that the perms for the Azure Virtual Desktop service principal assigned the rights at the resource group level and NOT the subscription level, which is what your documentation states.
@apple-sauce Thank you for your feedback. Our general recommendation is to grant access at the subscription level, given the fact that if you do it at the resource group level you will need to make sure the host pool and VM resource groups are included.
The AVD LZA does it at the resource group level because we are granting RBAC access on the required resource groups of the deployment. We don't do it at the subscription level because we don't own the subscription and we don't know what other resources your subscription may contain.
Are you having issues with auto scaling of your session hosts?
Please let us know if additional information is needed.
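
The condition raised in this thread (resource-group-level assignments must include every resource group that holds host pools and session host VMs) can be checked mechanically. The following is an added example, not code from the AVD accelerator or from Microsoft's documentation; it assumes role assignments shaped like the JSON from `az role assignment list --all` (fields `principalId`, `roleDefinitionName`, `scope`), and every ID and resource group name in it is a constructed placeholder.

```python
ROLE = "Desktop Virtualization Power On Off Contributor"
AVD_SP = "00000000-0000-0000-0000-000000000001"   # placeholder object ID
OTHER = "00000000-0000-0000-0000-000000000002"    # placeholder, unrelated principal
SUB = "/subscriptions/11111111-1111-1111-1111-111111111111"  # placeholder

def covers(scope, resource_id):
    """An assignment at `scope` applies to that scope and everything below it.
    Azure resource IDs compare case-insensitively. The trailing "/" keeps
    rg-avd-compute from matching rg-avd-compute-2."""
    s = scope.rstrip("/").lower()
    r = resource_id.rstrip("/").lower()
    return r == s or r.startswith(s + "/")

def uncovered(assignments, resource_ids, principal_id=AVD_SP, role=ROLE):
    """Return the resources not reached by any assignment of `role`
    to `principal_id`."""
    scopes = [a["scope"] for a in assignments
              if a["principalId"].lower() == principal_id.lower()
              and a["roleDefinitionName"] == role]
    return sorted(r for r in resource_ids
                  if not any(covers(s, r) for s in scopes))

# Constructed sample: resource-group-level assignments, as the accelerator makes.
SAMPLE_ASSIGNMENTS = [
    {"principalId": AVD_SP, "roleDefinitionName": ROLE,
     "scope": SUB + "/resourceGroups/rg-avd-service"},
    {"principalId": AVD_SP, "roleDefinitionName": ROLE,
     "scope": SUB + "/resourceGroups/rg-avd-compute"},
    # Subscription-wide, but for a different principal: must not count.
    {"principalId": OTHER, "roleDefinitionName": ROLE, "scope": SUB},
]

# Constructed sample: one host pool and two session hosts; the second VM
# lives in a resource group the deployment did not grant access on.
SAMPLE_RESOURCES = [
    SUB + "/resourceGroups/rg-avd-service/providers"
          "/Microsoft.DesktopVirtualization/hostPools/hp-01",
    SUB + "/resourceGroups/RG-AVD-COMPUTE/providers"
          "/Microsoft.Compute/virtualMachines/vm-avd-0",
    SUB + "/resourceGroups/rg-avd-compute-2/providers"
          "/Microsoft.Compute/virtualMachines/vm-avd-1",
]

if __name__ == "__main__":
    for rid in uncovered(SAMPLE_ASSIGNMENTS, SAMPLE_RESOURCES):
        print("not covered:", rid)
```

An empty result means every listed host pool and VM sits under an assigned scope; it does not by itself show that autoscale is working.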