Canvas PowerApps using Common Data Service can easily share data with Azure AD Security Groups
Canvas PowerApps using Common Data Service can be shared with Azure AD Security Groups and data permissions for the group can be set in the PowerApps.com sharing experience. This experience dramatically reduces the overhead in sharing an app and preempts configuring data permissions on a per user basis. This saves substantial time for each app that is shared with tens, hundreds or thousands of users. Apps shared with many users, or a group of users that changes over time, should be shared with an Azure AD security group. You can learn more about creating an Azure security group here.
In PowerApps.com you can share an app with an Azure Group and set the Common Data Service role you expect on the group as part of an inline experience previewed in the screenshot below. A security role must be assigned to users expected to access data in Common Data Service, the role controls which data users with the role can access and update. This security roles and privileges documentation is a good primer to learn more about security roles.
This new capability ensures that as membership for the security group changes, e.g. users are added to the security group or users are removed, Common Data Service security roles are automatically added and removed, respectively, for the users that are part of the group. This helps secure your data so only users in the group have the security role(s) assigned to the group. It also preempts the need to configure security roles on a per user basis in Common Data Service – outside of the context the app being shared.
If you have apps that are shared with many individuals, consider putting those users in a security group, share the app with the security group, un-share the app with the individual users (they’ll still get access via the security group) and then continue to add/remove users from the security group in Azure AD.