Best practice recommendations for managed system identities - Microsoft Entra
Summary
Recommendations on when to use user-assigned versus system-assigned managed identities
Highlights
Using Azure AD groups for granting access to services is a great way to simplify the authorization process. The idea is simple – grant permissions to a group and add identities to the group so that they inherit the same permissions. This is a well-established pattern from various on-premises systems and works well when the identities represent users. Another option to control authorization in Azure AD is by using App Roles, which allows you to declare roles that are specific to an app (rather than groups, which are a global concept in the directory). You can then assign app roles to managed identities (as well as users or groups). ([View Highlight](https://read.readwise.io/read/01h9mjkk3s4k8mmxh5czp1nw0w))
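An added example, not part of the highlighted article: assigning an app role to a managed identity with the Microsoft Graph PowerShell SDK, then listing the identity's role assignments for review. The display names `my-function-app` and `orders-api` and the role value `Orders.Read` are assumptions made for illustration.

```powershell
# Added example; the three names below are hypothetical placeholders.
$ManagedIdentityName = 'my-function-app'   # assumed display name of the managed identity
$ResourceAppName     = 'orders-api'        # assumed app that declares the app role
$RoleValue           = 'Orders.Read'       # assumed app role value declared by that app

Connect-MgGraph -Scopes 'Application.Read.All', 'AppRoleAssignment.ReadWrite.All'

# A managed identity is represented in the directory as a service principal.
$mi  = Get-MgServicePrincipal -Filter "displayName eq '$ManagedIdentityName'"
$api = Get-MgServicePrincipal -Filter "displayName eq '$ResourceAppName'"
if (-not $mi -or -not $api -or @($mi).Count -gt 1 -or @($api).Count -gt 1) {
    throw 'Expected exactly one service principal for each display name.'
}

# Only enabled roles that allow "Application" members can go to a managed identity.
$role = $api.AppRoles | Where-Object {
    $_.Value -eq $RoleValue -and $_.IsEnabled -and
    $_.AllowedMemberTypes -contains 'Application'
}
if (-not $role) {
    throw "App role '$RoleValue' is not declared for applications on '$ResourceAppName'."
}

# Make the assignment idempotent: skip it if the identity already holds the role.
$existing = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $mi.Id -All |
    Where-Object { $_.ResourceId -eq $api.Id -and $_.AppRoleId -eq $role.Id }

if (-not $existing) {
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $mi.Id `
        -PrincipalId $mi.Id -ResourceId $api.Id -AppRoleId $role.Id | Out-Null
}

# Review what this identity can do: every app role it holds, per resource.
Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $mi.Id -All |
    Select-Object ResourceDisplayName, AppRoleId, CreatedDateTime
```

Unlike a group membership, the assignment is scoped to the one resource app that declares the role, so the final listing shows exactly which apps the identity can call and with which role.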