I have a doubt on one of the plugins permissions, that is Azure AD Admin. The documentation says, we need the global administrator role for the App created in entra to set up this plugin in Rapid7 InsightConnect, but we are little hesitant to assign such a privileged role. Is it possible to setup the plugin without the Global administrator role and what actions we can perform out of the listed actions said to be carried out by the plugin in question if the global administrator role is not assigned?
Global Administrator is not required for this plugin. The functionality is driven by the Microsoft Graph API permissions assigned to the app registration, so you can reference the API documentation for the specific actions you plan to use and grant only those permissions.
Some actions, such as resetting passwords or managing user accounts, may require an appropriate Entra role. In most cases, a role like Help Desk Administrator or User Administrator is sufficient rather than a highly privileged role.
If you are only using a subset of the plugin’s actions, you can limit both the API permissions and assigned roles to just what is needed for those specific operations, keeping the setup aligned with least privilege.