@ABITBOL Ilan
Thank you for your post and I apologize for the delayed response!
If I want to access the user password policies, is a less privileged role than the "Authentication Policy Administrator" role usable?
- Based off our documentation, it looks like the Authentication Policy Administrator would be the least privileged role to manage auth method and password protection policies.
For the storage accounts, which role allows reading everything without being able to modify or assign roles?
- Any type of reader role should allow you to read everything without being able to modify or assign roles.
Storage Roles
Storage Blob Data Reader
Storage File Data SMB Share Reader
Storage Queue Data Reader
If the built-in Azure AD and RBAC roles don't meet your specific needs, I'd also recommend looking into creating custom roles.
Create or update Azure custom roles using the Azure portal
Create and assign a custom role in Azure Active Directory
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
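An added example, not part of the original answer or of Microsoft's documentation: a custom role definition limited to storage read operations, with a check that it cannot assign roles and that every granted entry ends in /read. The role name and the subscription scope are constructed placeholders, and grants and non_read_entries are hypothetical helper names.

```python
import json
from fnmatch import fnmatchcase

# Constructed custom role: hypothetical name, placeholder subscription scope.
CUSTOM_ROLE = json.loads("""
{
  "Name": "Storage Read-Only (example)",
  "IsCustom": true,
  "Description": "Read storage accounts and blob, file and queue data.",
  "Actions": [
    "Microsoft.Storage/storageAccounts/read",
    "Microsoft.Storage/storageAccounts/blobServices/containers/read",
    "Microsoft.Storage/storageAccounts/queueServices/queues/read"
  ],
  "NotActions": [],
  "DataActions": [
    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
    "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
    "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"
  ],
  "NotDataActions": [],
  "AssignableScopes": ["/subscriptions/<subscription-id>"]
}
""")

ROLE_ASSIGN_WRITE = "Microsoft.Authorization/roleAssignments/write"

def grants(role, operation, kind="Actions"):
    """True if `operation` matches an entry in `kind` and none in Not<kind>."""
    op = operation.lower()
    def hit(key):
        # Azure action wildcards (*) span path segments, as fnmatch's * does.
        return any(fnmatchcase(op, p.lower()) for p in role.get(key, []))
    return hit(kind) and not hit("Not" + kind)

def non_read_entries(role):
    """Strict check: every granted entry must end in /read (Not* is ignored)."""
    entries = role.get("Actions", []) + role.get("DataActions", [])
    return [e for e in entries if e.rsplit("/", 1)[-1].lower() != "read"]

if __name__ == "__main__":
    print("can assign roles:", grants(CUSTOM_ROLE, ROLE_ASSIGN_WRITE))
    print("non-read entries:", non_read_entries(CUSTOM_ROLE))
```

The strict check deliberately ignores NotActions, so a role that grants "*" and subtracts write operations is still reported for review.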