diff --git a/modules/installation-azure-permissions.adoc b/modules/installation-azure-permissions.adoc
index ebafb24e6a54..5973a9afd3df 100644
--- a/modules/installation-azure-permissions.adoc
+++ b/modules/installation-azure-permissions.adoc
@@ -7,9 +7,15 @@
 [id="installation-azure-permissions_{context}"]
 = Required Azure roles
 
-{product-title} needs a service principal so it can manage Microsoft Azure resources. Before you can create a service principal, your Azure account subscription must have the following roles:
+{product-title} needs a service principal so it can manage Microsoft Azure resources. Before you can create a service principal, review the following information:
+
+Your Azure account subscription must have the following roles:
 
 * `User Access Administrator`
 * `Contributor`
 
+Your Azure Active Directory (AD) must have the following permission:
+
+* `"microsoft.directory/servicePrincipals/createAsOwner"`
+
 To set roles on the Azure portal, see the link:https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal[Manage access to Azure resources using RBAC and the Azure portal] in the Azure documentation.