I have a CDN endpoint with a custom domain mapping (a subdomain of my AAD domain). Access is by https only. Currently, anyone can access content on this CDN.
I need to protect the content from unauthorized access to allow only users authenticated in my AAD domain (and later also guest users, again based on their domain of origin).
How do I accomplish that? Certificates, OAuth2? Something else? I searched high and low but did not find anything useful.