Permissions
The Azure CIS v2.0.0 - Section 3 - Storage Accounts policy pack requires 6 permissions:
microsoft.storage/storageaccounts/blobservices/writemicrosoft.storage/storageaccounts/deletemicrosoft.storage/storageaccounts/fileservices/writemicrosoft.storage/storageaccounts/listkeys/actionmicrosoft.storage/storageaccounts/queueservices/writemicrosoft.storage/storageaccounts/write