With DRA 10 supporting Azure AD users and groups, Temporary Group Assignments capability can be extended to handle Azure AD identities
This is a great feature to provide time-based privileges to the user to resources/applications and if this capability is extended to support Azure AD identities, it can have a different dimension to use both On-prem and Azure resources/applications
Possible use case:
Adam a contract employee joins an organization. He is provisioned in Azure AD for various application access as part of being a product team.
He also requires Office 365 application access only for a month in his tenure. Instead of giving him privilege access to Adam for his entire tenure, he can be added to a group (that has access to O365 applications) on a temporary basis whenever he is needing it automatically and de-provision him. This way, the license/subscriptions can be better managed