diff --git a/src/domains/qi-common/00_azuread.tf b/src/domains/qi-common/00_azuread.tf
index e0d043578..07bd7e6ce 100644
--- a/src/domains/qi-common/00_azuread.tf
+++ b/src/domains/qi-common/00_azuread.tf
@@ -22,6 +22,11 @@ data "azuread_group" "adgroup_security" {
 resource "azuread_application" "qi_app" {
 display_name = "${local.product}-qi"
 owners = ["c7636d10-4f78-43bd-89f6-555c7d82e02c"]
+ lifecycle {
+ ignore_changes = [
+ owners
+ ]
+ }
 }
 resource "azuread_service_principal" "qi_sp" {
@@ -29,7 +34,7 @@ resource "azuread_service_principal" "qi_sp" {
 }
 # https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#role-based-access-control-administrator
-resource "azurerm_role_assignment" "qi_monitoring_contributor" {
+resource "azurerm_role_assignment" "qi_monitoring_reader" {
 scope = data.azurerm_subscription.current.id
 #  https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/monitor#monitoring-reader
 role_definition_name = "Monitoring Reader"
diff --git a/src/domains/qi-common/README.md b/src/domains/qi-common/README.md
index e3ab95515..396889432 100644
--- a/src/domains/qi-common/README.md
+++ b/src/domains/qi-common/README.md
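Review bot: The new `lifecycle { ignore_changes = [owners] }` on `azuread_application.qi_app` has no comment saying why owner drift is being ignored, and from here on an owner added or removed outside Terraform will no longer appear in a plan. Application owners can manage the app registration, including its credentials, so the owner list is a privilege boundary that should stay visible somewhere. I would add a comment above the block along the lines of `# owners are managed outside Terraform (<reason>); owner changes are reviewed via the directory audit log`, and confirm that such a review actually exists. With this block in place the hard-coded owner object id on the `owners = [...]` line is only applied when the application is created, which is worth stating in the same comment.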
@@ -50,7 +50,7 @@
 | [azurerm_resource_group.qi_evh_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_resource_group.qi_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_resource_group.sec_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
-| [azurerm_role_assignment.qi_monitoring_contributor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_role_assignment.qi_monitoring_reader](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_subnet.eventhub_qi_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource |
 | [null_resource.github_runner_app_permissions_to_namespace_cd_01](https://registry.terraform.io/providers/hashicorp/null/3.2.1/docs/resources/resource) | resource |
 | [null_resource.github_runner_app_permissions_to_namespace_ci_01](https://registry.terraform.io/providers/hashicorp/null/3.2.1/docs/resources/resource) | resource |