We have successfully imported and connected our SWSD to our Azure via the Service Desk application. We have an All Employee group in our active directory that includes, wait for it...All Employees. This keeps it simple as users come and go they are added or removed from that group. We have them all being dumped in as Requesters but if we assign a different role like Admin, Service Agent User, or Service Task User manually, during the next sync they are moved back to Requester.
For our Admins we solved this by putting them in individually in the app integration as a user instead of app and selected their role to be Admin and it seems to be sticking. My question is, is this the best way to handle this or is there a better way?