I can create an App Role in the Registered Apps blade of AD. I can then add a user to an Enterprise App with that role. However, I can't figure out how, from a desktop WPF app, I can figure out the roles of the authenticated user (through MSAL) and therefore use that role in my code.