With the exception of infrastructure setup for Syslog/CEF or WEF/WEC, you can connect all this with the following roles and permissions:
- Azure AD Directory Role - Security Admin
- Azure Subscription RBAC Role - Security Reader (for logs)
- Contributor on the Log Analytics Workspace used for Sentinel (for least privilege, you can use Log Analytics Contributor and Sentinel Contributor)
- AAD Logs, audit and sign-in
- Azure subscription Activity logs (ad-hoc or via Policy)