Update permissions required for the collector
nlepagnez committed Mar 11, 2024
1 parent 463a633 commit 3003a1a
Showing 1 changed file with 13 additions and 5 deletions.
Expand Up @@ -59,12 +59,20 @@
],
"customs": [
{
"name": "Microsoft.Web/sites permissions",
"description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)."
"name": "microsoft.automation/automationaccounts permissions",
"description": "Read and write permissions to create an Azure Automation with a Runbook is required. [See the documentation to learn more about Automation Account](https://learn.microsoft.com/en-us/azure/automation/overview)."
},
{
"name": "microsoft.automation/automationaccounts permissions",
"description": "Read and write permissions to Azure Automation Account to create a it with a Runbook is required. [See the documentation to learn more about Automation Account](https://learn.microsoft.com/en-us/azure/automation/overview)."
"name": "Microsoft.Graph permissions",
"description": "Groups.Read, Users.Read and Auditing.Read permissions are required to retrieve user/group information linked to Exchange Online assignments. [See the documentation to learn more](https://aka.ms/sentinel-ESI-OnlineCollectorPermissions)."
},
{
"name": "Exchange Online permissions",
"description": "Exchange.ManageAsApp permission and **Global Reader** or **Security Reader** Role are needed to retrieve the Exchange Online Security Configuration.[See the documentation to learn more](https://aka.ms/sentinel-ESI-OnlineCollectorPermissions)."
},
{
"name": "(Optional) Log Storage permissions",
"description": "Storage Blob Data Contributor to a storage account linked to the Automation Account Managed identity or an Application ID is mandatory to store logs.[See the documentation to learn more](https://aka.ms/sentinel-ESI-OnlineCollectorPermissions)."
}
]
},
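Review bot: In the "(Optional) Log Storage permissions" entry the name says the permission is optional, while the description says Storage Blob Data Contributor "is mandatory to store logs". An admin reading this cannot tell whether the role must be granted. Suggest wording such as "Required only if logs are stored in a storage account", and stating that the role should be assigned on the single storage account used for logs, since it grants write access to blob data. The Graph entry lists "Groups.Read, Users.Read and Auditing.Read"; please check these against the exact permission identifiers in the linked documentation, so the description matches what the admin will see when granting consent. Minor: the Exchange Online and Log Storage descriptions are missing a space before "[See the documentation", and "to create an Azure Automation with a Runbook is required" reads better as "to create an Azure Automation account with a Runbook are required".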
Expand Down Expand Up @@ -205,7 +213,7 @@
},
{
"title": "D. Exchange Online Role Assignment",
"description": "1. As a **Global Administrator**, go to **Roles and Administrators**.\n2. Select **Global Readers** role and click to 'Add assignments'.\n3. Click on 'No member selected' and search your Managed Identity account Name beginning by **the name of your automation account** like 'ESI-Collector'. Select it and click on 'Select'.\n4. Click **Next** and validate the assignment by clicking **Assign**."
"description": "1. As a **Global Administrator**, go to **Roles and Administrators**.\n2. Select **Global Reader** role or **Security Reader** and click to 'Add assignments'.\n3. Click on 'No member selected' and search your Managed Identity account Name beginning by **the name of your automation account** like 'ESI-Collector'. Select it and click on 'Select'.\n4. Click **Next** and validate the assignment by clicking **Assign**."
}
]
},
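Review bot: Step 2 of "D. Exchange Online Role Assignment" now offers "**Global Reader** role or **Security Reader**" without saying which to choose. Because either role is accepted, the step should name Security Reader first as the default and keep Global Reader as the alternative, so the managed identity is not given the broader directory-wide read role by habit. The phrasing is also uneven ("Global Reader role or Security Reader"); "Select the **Security Reader** or **Global Reader** role and click 'Add assignments'" would be clearer. Step 3 identifies the managed identity only by a name prefix like 'ESI-Collector'; consider adding a line telling the admin to confirm that the selected identity is the one belonging to the Automation Account before clicking **Assign**.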