As we continue to improve our process and work through least privileged roles, I find this Microsoft doc to be very helpful when trying to find what role is needed to perform what task.
Least privileged roles by task – Azure Active Directory – Microsoft Entra | Microsoft Docs
I’m also starting with just-in-time access to our Azure VMs and Privileged Identity Management for access into Azure. It’s a slow process rolling back how we always did it before and moving to a more secure method.