Azure Permissions #2077

Merged
merged 19 commits into from
Jan 22, 2024
Changes from 5 commits
36 changes: 2 additions & 34 deletions docs/docs-content/clusters/public-cloud/azure/azure-cloud.md
Expand Up @@ -15,7 +15,7 @@ Palette supports integration with Azure and [Azure Government](https://azure.mic

* A [Palette](https://console.spectrocloud.com/), or VerteX account. 

* An active [Azure cloud account](https://portal.azure.com/) with sufficient resource limits and permissions to provision compute, network, and security resources in the desired regions.
* An active [Azure cloud account](https://portal.azure.com/) with sufficient resource limits and permissions to provision compute, network, and security resources in the desired regions. Refer to the [Required Permissions](./required-permissions.md) section for more information.

* An [Azure App](https://learn.microsoft.com/en-us/azure/app-service/overview) with valid credentials.
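Review bot: the added sentence calls Required Permissions a "section", but `./required-permissions.md` is a separate page, so "Refer to the [Required Permissions](./required-permissions.md) page for more information" would be accurate. The azure.md list in this same PR links the file as `required-permissions.md` without the `./` prefix; pick one form for both links.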

Expand Down Expand Up @@ -44,46 +44,14 @@ Use the following steps to add an Azure or Azure Government account in Palette o
|**Client Secret**| Azure secret for authentication. Refer to Microsoft's reference guide for creating a [Client Secret](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#create-an-azure-active-directory-application). |
| **Cloud** | Select **Azure Public Cloud** or **Azure US Government**. |
|**Tenant Name**| An optional tenant name.|
|**Disable Properties**| This option disables Palette importing Azure networking details. Disabling this option requires you to create a Microsoft Entra application and manually obtain account information. To learn more, refer to the [Disable Palette Network Calls to the Account](#disable-palette-network-calls-to-the-account) section below. |
|**Disable Properties**| This option disables the ability for Palette or VerteX to create an Azure Virtual Network (VNET) on your behalf for static placement use cases. Static placement deployments will require all users to manually specify a pre-existing VNET during the cluster creation process. |
|**Connect Private Cloud Gateway**| If you will be launching Managed Kubernetes Service (AKS), use the **drop-down Menu** to select a [self-hosted PCG](gateways.md) that you created to link to the cloud account.|

6. After providing the required values, click the **Validate** button. If the client secret you provided is correct, a *Credentials validated* success message with a green check is displayed.

7. Click **Confirm** to complete the registration.


#### Disable Palette Network Calls to Azure Account

<details>
<summary>Expand to learn more about disabling properties.</summary>

When you provide your cloud account information, Azure networking details are sent to Palette unless you disable network calls from Palette to the account. To disable network calls, select the **Disable Properties** option.

Disabling network calls requires that you create a [Microsoft Entra](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal#create-an-azure-active-directory-application) application, which can be used with Role-Based Access Control (RBAC). Follow the summary steps below to create a new Microsoft Entra application, assign roles, and create the client secret.

:::tip
Microsoft Entra replaces the Azure Active Directory (AAD) application. For more information, review the [Microsoft Entra](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal#create-an-azure-active-directory-application) reference guide.
:::


1. Create a new Microsoft Entra application and note down your ClientID and TenantID. Refer to the [Create a Microsoft Entra application and service principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#create-an-azure-active-directory-application) reference guide.

2. Next, assign yourself the [User Access Administrator](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#user-access-administrator) role to allow you to manage user access to Azure resources. You need this role assignment to assign the role in step 3. For guidance, refer to [Assign a Role to the Application](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#assign-a-role-to-the-application).

3. With User Access Administrator privilege, you can now assign yourself the minimum required [Contributor](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor) role, which grants full access to manage all resources.

To learn about Azure roles, review [Azure Roles, Microsoft Entra Roles, and Administrator Roles](https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles).

4. Create a client secret. Refer to [Create a Client Secret](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal#option-3-create-a-new-client-secret) for guidance.

:::warning

Safely store your client secret, as it will not be available later as plain text.

:::

</details>

## Validate

You can verify your account is added.
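Review bot: removing the Disable Palette Network Calls section also drops the only guidance on what the service principal needs: the old step 3 called Contributor the "minimum required" role while noting in the same sentence that it grants full access to manage all resources, and step 4 carried the warning to store the client secret safely. The rewritten Disable Properties row no longer links anywhere, so confirm that required-permissions.md covers role scope and secret handling, and consider pointing this row or the Client Secret row at it. The old row linked to `#disable-palette-network-calls-to-the-account`, which never matched the heading below (`#disable-palette-network-calls-to-azure-account`); with the section gone, check other pages for links to either anchor. Wording: "will require all users to manually specify a pre-existing VNET" reads better as "require you to specify a pre-existing VNET".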
23 changes: 17 additions & 6 deletions docs/docs-content/clusters/public-cloud/azure/azure.md
Expand Up @@ -20,23 +20,34 @@ Learn how to deploy a cluster to Azure by using Palette. Check out the [Deploy a

To learn more about Palette and Azure cluster creation and its capabilities check out the following resources:

- [Register and Manage Azure Cloud Account](azure-cloud.md)

- [Azure Architecture](architecture.md)

- [Create and Manage IaaS Azure Cluster](create-azure-cluster.md)
- [Cluster Management Day Two Operations](../../cluster-management/cluster-management.md)

- [Cluster Removal](../../cluster-management/remove-clusters.md)

- [Create and Manage Azure AKS Cluster](aks.md)

- [Create and Manage IaaS Azure Cluster](create-azure-cluster.md)

- [Deleting an Azure Cluster](../../cluster-management/remove-clusters.md)

- [Register and Manage Azure Cloud Account](azure-cloud.md)

- [Required Permissions](required-permissions.md)











- [Cluster Management Day Two Operations](../../cluster-management/cluster-management.md)


- [Azure Architecture](architecture.md)


- [Cluster Removal](../../cluster-management/remove-clusters.md)
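Review bot: the reordered list links Required Permissions to `required-permissions.md`, but that file is not among the files changed in this view (Changes from 5 commits), so verify it is added in the same PR or the docs build ends up with a dead link. The list also renames Cluster Removal to Deleting an Azure Cluster while keeping the same target (`../../cluster-management/remove-clusters.md`); keep whichever wording matches that page's own title so the two entries for the same target do not drift.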

Original file line number Diff line number Diff line change
Expand Up @@ -84,10 +84,10 @@ Use the following steps to deploy an Azure cluster.

If you have custom storage accounts or containers available, you can attach them to the cluster. To learn more about attaching custom storage to a cluster, check out [Azure storage](../azure/architecture.md#azure-storage).

:::warning

If the Azure account is registered with **Disable Properties** and **Static Placement** options enabled, then Palette will not import the network information from your Azure account. You can manually input the information for the **Control Plane Subnet** and the **Worker Network**, but be aware that **drop-down Menu** selections will be empty. To learn more about these settings and certain requirements to use them, refer to [Disable Properties](azure-cloud.md#disable-palette-network-calls-to-azure-account).
:::warning

If you enable the setting **Disable Properties** when [registrating an Azure cloud account](./azure-cloud.md#add-azure-cloud-account), you disable the ability for Palette to create an Azure virtual network and must manually specify a virtual network during the cluster creation process.
:::

|**Parameter**| **Description**|
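Review bot: typo in the new warning: "registrating" should be "registering". The rewrite also drops two things the old warning told users: that the **Control Plane Subnet** and **Worker Network** drop-down menus will be empty, and that those values can be entered manually; the new text only says you "must manually specify a virtual network", so consider keeping the subnet guidance. Also confirm the `#add-azure-cloud-account` anchor exists in azure-cloud.md, since the old link pointed at the section this PR removes.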