I am the owner of my subscription, and I have a service principal that needs to access the Microsoft Graph API with the below permissions:
evidence as owner:
