Background: I am following https://docs.microsoft.com/en-us/azure/azure-monitor/platform/metrics-store-custom-rest-api to import custom logs into a Azure Storage account. This fails due permissions on the resource id: The Azure AD object '' does not have permissions to perform action 'Microsoft.Insights/Metrics/write' over scope '.
I tracked the issue down to the fact that the Storage Account Access Control (IAM) does not list the application to allow to write to it. (Note that I created a customer .NET application).
I went back to the How to: "Add role assignments" in https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
Still if I follow this procedure, the new created application does not show in the Azure role assignments. (not service principal, no app.) I am subscription owner as well global admin on the AAD.
Question: What is the correct procedure to allow a App Registration as in the above to write to a new created storage account?