Using Roles in Azure Applications

I was spending some time today (finally) looking at how to get what I really consider the baseline functionality of claims – apps, users and roles – all working together with one of my Azure AD apps. Azure has been pushing out pieces of an RBAC-based infrastructure for a few months now, and I wanted to see about integrating my old friend Roles into my app. Alex Simmons posted a great overview and introduction to the concept here: https://blogs.technet.com/b/ad/archive/2014/12/18/azure-active-directory-now-with-group-claims-and-application-roles.aspx. As I began rolling out some code and testing some different scenarios, I wanted to capture a few notes about this process for those of you heading down this path as well: