Hi @Liam Eisenhaur ,
Welcome to Microsoft Q&A!
Once the app has been registered in Azure, it gets a Service principal created for it which can be used in Azure role-based access control. Azure monitor has Built-in roles which can be assigned to the registered application's service principal for desired access (Reader, Contributor or Custom). The role-based access control is set at resource level. Please refer to this link for ApplicationInsights related details, and this link for log analytics.
---
Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.