Role-based Authorization Strategy plugin works excellent with azure-ad plugin if add users and groups via object_id.
If you add user using object_id, then plugin performs check_name request (validation) and if user was found validation response returns user fullname for representation - source. If you add group using object_id, then validation won't return group display name and will be represented as it was requested - source.
It's hard to manage access when dozens of group added to the table.

Please add ability to represent Azure groups by group name if the AzureSecurityRealm in use or just simple check if groupName property is available for group object (AzureAdGroup class). Another option is ability to provide notes for Users/Groups, then we can describe what exact name stands behind the id.