Add note about file policy permissions

Added prerequisites for setting up the first File Policy and clarified permissions needed.

Author: AbbyMSFT

defender-for-cloud-apps/data-protection-policies.md

@@ -44,6 +44,11 @@ The following are examples of file policies that can be created:
 
 * **Sensitive file extension** - Receive an alert about files with specific extensions that are highly exposed. Select the specific extension (for example, crt for certificates) or filename and exclude those files with private sharing level.
 
+##Prerequisites
+
+To set up the first File Policy in a tenant, you need Microsoft Entra **Service Principal** permissions. **Service Principal** permissions are only automatically given if no file policy exists yet. After the first file policy is created, you can create more  without needing those permissions.
+
+
 ## Create a new file policy
 
 To create a new file policy, follow this procedure:
@@ -98,8 +103,6 @@ To create a new file policy, follow this procedure:
 
 :::image type="content" source="media/file-policy-edit-and-preview-results.png" alt-text="Screenshot that shows how you can see a preview of the filtered results for file policies.":::
 
-
-
 1. To view file policy matches, files that are suspected to violate the policy, go to **Policies** -> **Policy management**. Filter the results to display only the file policies using the **Type** filter at the top. For more information about the matches for each policy, under the **Count** column, select the number of **matches** for a policy. Alternatively, select the three dots at the end of the row for a policy and choose **View all matches**.  This opens the **File policy report**. Select the **Matching now** tab to see files that currently match the policy. Select the **History** tab to see a history back to up to six months of files that matched the policy.
 
 ## Limitations