Hope you are well. We are moving a team of resouces (System admin, Network etc.) who are managing on-premise environment to managing azure environment.
Do I need to create their IDs in Azure AD first, than add these IDs to contributor role at resource group/resource level in Azure portal.
For example I have a resource group for virtual machines. So I create a Systemadmingroup (Assigned) in Azure AD and than create a user for system admin (Users1) and add it to Systemadmingroup group.
Than I add this group - Systemadmingroup to contribitor role for the resources group created for virtual machine.
Is this the right approach.