Caveats of not having the role directly assigned to the user are listed in blogs from Alex Meyer and André Arnaud de Calavon (me). https://alexdmeyer.com/2019/02/10/configuring-azure-ad-group-security-in-d365fo/ https://dynamicspedia.com/2019/09/how-to-use-azure-active-directory-for-managing-users-and-security-in-dynamics-365-for-finance-and-operations/ With a new enhanced feature, we should strive to have the roles linked to the Entra ID group directly associated with the user.
