Spring Security and Azure: is there a Active Directory group wildcard?

The tutorial at https://learn.microsoft.com/en-us/azure/developer/java/spring-framework/configure-spring-boot-starter-java-app-with-azure-active-directory explains how to set up Spring Security with authentication at Microsoft Azure Active Directory.

Disregarding from two little differences (explained here https://stackoverflow.com/questions/43788333/openid-connect-log-in-in-with-office-365-and-spring-security/63517600#63517600 ) this works fine.

In my application.properties there is this property:

azure.activedirectory.active-directory-groups=myADUserGroup

(Hint: azure.activedirectory.active-directory-groups seems to be the deprecated version of the newer azure.activedirectory.user-group.allowed-groups ...)

I don't want to limit on particular groups. Every user with a valid Microsoft account is OK for my use case.
Leaving the property blank or even deleting the property leads to this exception:

Caused by: java.lang.IllegalStateException: One of the User Group Properties must be populated. Please populate azure.activedirectory.user-group.allowed-groups
at com.microsoft.azure.spring.autoconfigure.aad.AADAuthenticationProperties.validateUserGroupProperties(AADAuthenticationProperties.java:148) ~[azure-spring-boot-2.3.1.jar:na]

A possible workaround is to enter some arbitrary group name for the property in application.properties:

azure.activedirectory.active-directory-groups=some-arbitrary-group-name-doesnt-matter

and just do not use @PreAuthorize("hasRole('[group / role name]')").

This works (as long as your app is not interested in the role names) but it does not feel correct.
A) Is there a "right" way to set a wildcard active-directory-group?
B) org.springframework.security.core.Authentication.getAuthorities() seems to deliver only those group names / role names that are entered in that property, so the workaround delivers none (but ROLE_USER). I want to read all the groups / roles at the user. So I ask a second question: How can I get all roles from org.springframework.security.core.Authentication.getAuthorities() without knowing all of them and especially without entering all of them into the "azure.activedirectory.active-directory-groups" property?

For now, it does not support to set a wildcard for azure active directory group.

You can give you voice to azure ad feedback and if others have same demand will voteup you. Much vote will promote this feature to be achieve.

It's not a group wildcard, but if stateless processing suits your need,

azure.activedirectory.active-directory-groups=...

may be replaced with

azure.activedirectory.session-stateless=true

This will activate AADAppRoleStatelessAuthenticationFilter instead of AADAuthenticationFilter, which doesn't require specifying groups via azure.activedirectory.active-directory-groups.
The roles you want to use have to declared in the application manifest

As there is no support for a wildcard for groups at the moment, I built a workaround by ignoring whether the user group is valid or not.

For this I made a copy of com.microsoft.azure.spring.autoconfigure.aad.AzureADGraphClient and commented out this code snippet:

.filter(this::isValidUserGroupToGrantAuthority)

and I made a copy of com.microsoft.azure.spring.autoconfigure.aad.AADOAuth2UserService with

graphClient = new MyAzureADGraphClient(...

instead of

graphClient = new AzureADGraphClient(...

And in the SecurityConfiguration I injected the AAD properties:

@Autowired(required = false) private AADAuthenticationProperties aadAuthenticationProperties;
@Autowired(required = false) private ServiceEndpointsProperties serviceEndpointsProps;

and called my own AADOAuth2UserService in void configure(HttpSecurity http):

EvaAADOAuth2UserService oidcUserService = new EvaAADOAuth2UserService(aadAuthenticationProperties, serviceEndpointsProps);
httpSecurity.oauth2Login().loginPage(LOGIN_URL).permitAll().userInfoEndpoint().oidcUserService(oidcUserService);