...
Use the infrastructure pipeline to create and publish all Azure services to the correct resource group
Create/update application settings in the app service
Create/update all key vault values
Create/update the database schema
Create/update all application settings (i.e., appsettings.<environment>.json) in the solution
Ensure all API permissions needed by the application have been added in the Azure AD app registration
Expose scopes so that other applications can subscribe to them through API permissions. These are the same scopes that are referenced in a client application's app settings for making requests to the service.
Add the application roles so that Azure AD users and groups can be assigned to them. The roles map 1-to-1 with the API scopes that we just exposed.
From the app registration’s Overview settings, navigate to the enterprise application settings and assign Azure AD user groups to a role in the application. Since this is a shared API, there are many more groups to be added. Note also that one entry must be made per application role.
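A check for the last three steps, as an added example rather than code from the original page: it compares the exposed scopes with the application roles (the 1-to-1 mapping) and lists roles that have no group assigned. The JSON is constructed sample data shaped like the Microsoft Graph application object and the service principal's appRoleAssignedTo list; the ids, names and the `audit` function are assumptions.

```python
import json

# Constructed sample data (not from the original page). Field names follow the
# Microsoft Graph application and appRoleAssignment resources; ids are placeholders.
APPLICATION = json.loads("""
{
  "api": {"oauth2PermissionScopes": [
    {"id": "s-1", "value": "Orders.Read", "isEnabled": true},
    {"id": "s-2", "value": "Orders.Write", "isEnabled": true},
    {"id": "s-3", "value": "Reports.Read", "isEnabled": true}
  ]},
  "appRoles": [
    {"id": "r-1", "value": "Orders.Read", "isEnabled": true},
    {"id": "r-2", "value": "Orders.Write", "isEnabled": true},
    {"id": "r-4", "value": "Admin.All", "isEnabled": true}
  ]
}
""")
ASSIGNMENTS = json.loads("""
[
  {"appRoleId": "r-1", "principalType": "Group", "principalDisplayName": "Orders Readers"},
  {"appRoleId": "r-2", "principalType": "User", "principalDisplayName": "alice@example.com"}
]
""")

def audit(application, assignments):
    """Report drift between scopes, roles and group assignments."""
    scopes = {s["value"] for s in application["api"]["oauth2PermissionScopes"] if s["isEnabled"]}
    roles = {r["value"]: r["id"] for r in application["appRoles"] if r["isEnabled"]}
    # One assignment entry exists per (group, role) pair, so index groups by role id.
    roles_with_group = {a["appRoleId"] for a in assignments if a["principalType"] == "Group"}
    return {
        # A scope clients can request but no role a group can hold.
        "scopes_without_role": sorted(scopes - set(roles)),
        # A role that grants something no client can request as a scope.
        "roles_without_scope": sorted(set(roles) - scopes),
        # A role nobody reaches through group membership.
        "roles_without_group": sorted(v for v, rid in roles.items() if rid not in roles_with_group),
    }

if __name__ == "__main__":
    for finding, items in audit(APPLICATION, ASSIGNMENTS).items():
        print(f"{finding}: {items or 'none'}")
```
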