I'm relatively new to Azure Active Directory & trying to understand some best practices or guidelines for administering custom roles & permissions for application use.
For instance, I might want to create a Role of "Technician" & they have permissions such as "firmware.upgrade" or "product.view" to be enforced within application & endpoints.
Would "Technician" actually be an Azure AD Group then & I could assign custom roles "firmware.upgrade" & "product.view" to that group? Can it even work that way?
Also, I could consider Application Roles, but "Technician" (and others) would be a role used across several applications. So I wasn't sure if an Application Role makes sense to use.