With Business Central 2023 release wave 1 (BC22) the "Control Access to Business Central Using Security Groups" got introduced:

https://learn.microsoft.com/en-us/dynamics365/business-central/ui-security-groups

Onpremises this feature works fine with the credential type "Windows" and an Active Directory hosted onpremises.

Unfortunately this does not work onpremises in combination with AAD-Authentication (or credential type "AccessControlService").

So basically, you're unable to use this feature onpremises if you're using AAD-Authentication.

The Security Group page changes depending on your WebClients authentication type. If you use AAD-Authentication (AccessControlService), Business Central is unable to retreive the AAD Security Groups.

For whatever reason this is currently not supported and the Microsoft support told me to open an "idea" for that.

Side note:

In my opinion this is a bug which has to be fixed and not a feature request!