
Configure Azure AD authentication for an Azure Storage account 'storage1' to allow 'Group1' members to upload files via the Azure portal, adhering to the principle of least privilege. Identify the two necessary roles.
A. Storage Account Contributor
B. Storage Blob Data Contributor
C. Reader
D. Contributor
E. Storage Blob Data Reader
Explanation:
To let 'Group1' members upload files through the Azure portal while adhering to the principle of least privilege, assign them the 'Storage Blob Data Contributor' role, which grants read, write, and delete permissions on blob storage data. They also need the 'Reader' role, which grants read access to Azure Resource Manager resources. Together, these two roles let members navigate the Azure portal to the storage account and upload files, without granting broader permissions than necessary.