You have it nicely described in the documentation:
For Dynatrace to monitor your services, you need at least reader permissions. The steps below describe adding the service principal reader permissions and refer to a common, single-tenant access approach. Before that, we recommend getting familiar with our recommendations regarding how to configure Azure service principal to avoid Azure throttling limits.
When you follow the instructions in the documentation you get an error?
Did you get change to see below doc for service principal.
Available in doc:
To create a service principal in Azure Portal, you must register your application in the Azure Active Directory and grant access permissions for your service principal.
To register your application
Go to the Azure Management Portal and select Azure Active Directory.
Copy the value of Tenant ID and save it as Tenant ID for future retrieval. This is required to configure Dynatrace to connect to your Azure account.
Select App registrations in the navigation pane of the selected Active Directory.
Select New registration at the top of the App registrations blade and type the name of your application.
Leave all other settings with their default values and select Register.
Copy the value of Application (client) ID and save it as Client ID for future retrieval.
Select Certificates & secrets > New client secret to create a new security key.
Enter a key description, choose the desired key duration, and then select Add to save the new key.
Copy the value of Value and save it as Secret Key for future retrieval.
Hope this helps..