...
Create a custom role with the following permissions:
"Microsoft.Network/virtualNetworks/subnets/join/action"
"Microsoft.Network/networkSecurityGroups/join/action"
For instructions on creating a custom role, see the Creating a Custom Role at the Subscription Level section.
Go to the IAM tab under Existing VNet and assign this custom role to the managed identity.
Click Add > Add role assignment. For detailed steps, see the Adding Managed Application Contributor Role section.
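
The following is an added example, not part of the original instructions: a least-privilege check to run on the role definition before you assign it to the managed identity. It reports any of the two permissions above that are missing, and any grant beyond them. The role name, the all-zero subscription ID and the review_role helper are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

# The two permissions the page lists for the custom role.
REQUIRED_ACTIONS = (
    "Microsoft.Network/virtualNetworks/subnets/join/action",
    "Microsoft.Network/networkSecurityGroups/join/action",
)

# Constructed sample in the JSON shape accepted by `az role definition create`.
# The role name and the all-zero subscription ID are placeholders.
SAMPLE_ROLE = json.loads("""
{
  "Name": "Example VNet Join Role",
  "IsCustom": true,
  "Description": "Join an existing subnet and network security group.",
  "Actions": [
    "Microsoft.Network/virtualNetworks/subnets/join/action",
    "Microsoft.Network/networkSecurityGroups/join/action"
  ],
  "NotActions": [],
  "AssignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"]
}
""")


def review_role(role):
    """Return (missing, excess): required actions not granted, and grants beyond them."""
    granted = [a.lower() for a in role.get("Actions", [])]
    denied = [a.lower() for a in role.get("NotActions", [])]
    required = [r.lower() for r in REQUIRED_ACTIONS]

    def covered(action):
        # Azure actions are case-insensitive and may contain '*' wildcards.
        ok = any(fnmatchcase(action, g) for g in granted)
        return ok and not any(fnmatchcase(action, d) for d in denied)

    missing = [r for r in REQUIRED_ACTIONS if not covered(r.lower())]
    # Anything that is not exactly one of the two required strings is excess,
    # which also flags wildcards such as "Microsoft.Network/*".
    excess = [a for a in role.get("Actions", []) if a.lower() not in required]
    return missing, excess


if __name__ == "__main__":
    missing, excess = review_role(SAMPLE_ROLE)
    print("missing:", missing)
    print("excess:", excess)
```

A role that passes returns two empty lists. A wildcard grant such as Microsoft.Network/* satisfies both permissions but is reported as excess.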
...