gettek / terraform-azurerm-policy-as-code

Terraform modules that simplify the workflow of custom and built-in Azure Policies

Home Page:https://learn.microsoft.com/en-us/azure/governance/policy/concepts/policy-as-code


Option to use user-assigned managed identity

BHoggs opened this issue · comments

Hello

Would it be possible to add the ability to pass in the ID of a user-assigned managed identity for policy remediation, instead of only using the system-managed identity?

We have some use cases where we may split some policy assignments across hub & spoke components of a landing zone - but the result would create two different MSIs that may not have the cross-subscription permissions.

An example: automatic vNet peering. The MSI must have permission on both the hub & spoke subscriptions. In this case it would be easier to pass a user-assigned identity so we can manually assign the permissions across subscriptions.
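The setup the request describes, written against the underlying azurerm provider resources as an added example (not code from the issue author or from this module, which the issue asks to expose this option); the subscription IDs, resource names and the policy definition ID are placeholders.

```hcl
# Added example: one user-assigned identity shared by the remediation, with
# placeholder subscription IDs and a placeholder custom policy definition ID.
locals {
  hub_subscription_id   = "00000000-0000-0000-0000-000000000001" # placeholder
  spoke_subscription_id = "00000000-0000-0000-0000-000000000002" # placeholder
}

# A single identity created once, so one principal is granted rights in both
# subscriptions instead of a separate system-assigned MSI per assignment.
resource "azurerm_resource_group" "identity" {
  name     = "rg-policy-remediation"
  location = "westeurope"
}

resource "azurerm_user_assigned_identity" "remediation" {
  name                = "id-policy-remediation"
  resource_group_name = azurerm_resource_group.identity.name
  location            = azurerm_resource_group.identity.location
}

# Least privilege: grant only the role the peering remediation needs, scoped
# to exactly the two subscriptions it touches, not Owner or Contributor.
resource "azurerm_role_assignment" "hub" {
  scope                = "/subscriptions/${local.hub_subscription_id}"
  role_definition_name = "Network Contributor"
  principal_id         = azurerm_user_assigned_identity.remediation.principal_id
}

resource "azurerm_role_assignment" "spoke" {
  scope                = "/subscriptions/${local.spoke_subscription_id}"
  role_definition_name = "Network Contributor"
  principal_id         = azurerm_user_assigned_identity.remediation.principal_id
}

# Spoke-side assignment that remediates with the user-assigned identity.
# A location is required whenever an identity block is present.
resource "azurerm_subscription_policy_assignment" "vnet_peering" {
  name                 = "auto-vnet-peering"
  subscription_id      = "/subscriptions/${local.spoke_subscription_id}"
  policy_definition_id = "/subscriptions/${local.spoke_subscription_id}/providers/Microsoft.Authorization/policyDefinitions/PLACEHOLDER-CUSTOM-DEFINITION"
  location             = azurerm_resource_group.identity.location

  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.remediation.id]
  }

  # Roles must exist before the first remediation task runs.
  depends_on = [azurerm_role_assignment.hub, azurerm_role_assignment.spoke]
}
```

Because the identity is managed outside the assignment, its role assignments survive re-creation of the policy assignment, and a review of who can peer across the hub and spoke reduces to auditing that one principal.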