My blog supports Azure AD authentication. I created the Azure AD application inside Visual Studio, and by default all users in my Azure AD have access to my blog's admin portal. This is not ideal for an enterprise application that needs to limit access to a few selected users or groups. Let's see how to configure an Application in Azure AD so that only a few users can access it.

Make Yourself Owner of the Application


By default, Applications under Azure AD that are created with Visual Studio don't have an owner that points to your Azure subscription account. We need to manually add ourselves as the owner before going to the next step.

Find your application under the "All Applications" tab in your Azure AD.

Open the "Owners" menu, and add your current Azure admin account as the owner of this application.

Enable User Assignment


Click "Managed application in local directory" on the "Overview" page of the Application.

Open the "Properties" menu and set "User assignment required?" to "Yes".

Assign Users


As the last step, open the "Users and groups" menu, and add the users or groups that need to access the application.

Now, other users in this Azure AD won't be able to access my blog admin portal any more!
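The same three steps can be scripted and then verified with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original post; the application name and the user accounts are placeholder assumptions, and it assumes the app defines no custom app roles, so the default access role (the all-zero GUID) is used.

```powershell
# Added example. Placeholder values below are assumptions; replace with your own.
$AppDisplayName = 'MyBlogAdmin'                 # hypothetical app registration name
$OwnerUpn       = 'admin@contoso.example'       # hypothetical Azure admin account
$AllowedUpns    = @('editor@contoso.example')   # hypothetical users to allow

Connect-MgGraph -Scopes 'Application.ReadWrite.All','AppRoleAssignment.ReadWrite.All','User.Read.All'

# The app registration and its enterprise application (service principal).
$app = Get-MgApplication -Filter "displayName eq '$AppDisplayName'"
if (@($app).Count -ne 1) { throw "Expected exactly one application named '$AppDisplayName'" }
$sp = Get-MgServicePrincipal -Filter "appId eq '$($app.AppId)'"
if (-not $sp) { throw "No service principal found for '$AppDisplayName'" }

# Step 1: add the admin account as owner, unless it already is one.
$owner  = Get-MgUser -UserId $OwnerUpn
$owners = Get-MgApplicationOwner -ApplicationId $app.Id -All
if ($owners.Id -notcontains $owner.Id) {
    New-MgApplicationOwnerByRef -ApplicationId $app.Id -BodyParameter @{
        '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/$($owner.Id)"
    }
}

# Step 2: equivalent of setting "User assignment required?" to "Yes".
Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true

# Step 3: assign each allowed user, skipping users that are already assigned.
# Assumption: the app has no custom app roles, so the default role applies.
$defaultRoleId = '00000000-0000-0000-0000-000000000000'
$existing = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All
foreach ($upn in $AllowedUpns) {
    $user = Get-MgUser -UserId $upn
    if ($existing.PrincipalId -notcontains $user.Id) {
        New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id `
            -PrincipalId $user.Id -ResourceId $sp.Id -AppRoleId $defaultRoleId | Out-Null
    }
}

# Verify: the flag is set, and only the intended principals are listed.
$check = Get-MgServicePrincipal -ServicePrincipalId $sp.Id
"User assignment required: $($check.AppRoleAssignmentRequired)"
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Select-Object PrincipalDisplayName, PrincipalType, AppRoleId
```

Re-running the last two commands periodically is a quick way to audit that the flag is still set and that the assignment list has not grown beyond the intended users and groups.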

Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-restrict-your-app-to-a-set-of-users