If your users are managed in Azure Active Directory, it’s fairly straightforward to give them Azure SQL access by assigning them to an Azure Active Directory Group:
1) Create a Group in Azure Active Directory via the Portal or command
line. For example, you could name the group SQL ReadOnly
2) Assign Azure AD Users to that group.
3) Now log into the database as an administrator. Note that you need to use your own Azure login to run the subsequent commands—logging in via password won’t work.
4) Create a USER corresponding to the Azure AD Group we just created in the SQL Server instance, and then
assign that user to the appropriate local SQL Server roles, such as db_datareader:
CREATE USER [SQL ReadOnly] FROM EXTERNAL PROVIDER
EXEC sp_addrolemember 'db_datareader', 'SQL ReadOnly'
Now any of the users that are members of the SQL ReadOnly group can access that database
in read-only mode. From SSMS, they would log in using their AzureAD login by selecting an
Active Directory authentication method, e.g. Active Directory - Universal with MFA support