I think you should indeed. Something like "Example on how to set up your Azure service principal" with the often needed roles and API permissions needed. This is the kind of thing that could be added to Docs/Intro to Pulumi/Cloud Providers/Azure section and reference as well in the Docs/User Guides/Continuous Delivery/Azure DevOps.
In order to make it work properly in my case I had to :
• add the contributor role to the SP on the subscription
• add the user access administrator role to the SP on the subscription
• Add the Application.ReadWrite.OwnedBy permission of Azure Active Directory Graph API to the SP