You have an Azure subscription that contains a user named Admin1 and a resource group named RG1.
RG1 contains an Azure Network Watcher instance named NW1.
You need to ensure that Admin1 can place a lock on NW1. The solution must use the principle of least privilege.
Which role should you assign to Admin1?