
Azure AD - Custom Application Roles via Powershell


I've been playing with RBAC in Azure AD, in particular custom application roles.

It all works well, but is a bit manual, i.e. downloading, editing and uploading the manifest and then assigning each user/group to one of these roles via the management portal.

Is there a way to do that via PowerShell or even code, say the Graph API?

If not, I presume it's a planned feature, so does anyone know the likely ETA?


Solution

  • Right now this feature is not available via the AAD PowerShell Module, but it will find its way there eventually. We are working on releasing a new PowerShell module soon that sits atop ADAL which means we will soon be making cmdlets that directly target the Graph API.

    For now, you can make direct queries using the Graph Client Library or pure REST calls. I believe an example of setting Application Roles should be available in this sample: https://github.com/Azure-Samples/active-directory-dotnet-graphapi-console

    I hope this helps! Shawn Tabrizi
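
The "pure REST calls" route mentioned in the answer, sketched in PowerShell as an added example (not code from the answer or from the linked sample). It targets the Azure AD Graph endpoint (`graph.windows.net`) that the question refers to, which Microsoft has since superseded with Microsoft Graph. Assumptions: every value in angle brackets is a placeholder, the role names are constructed, `api-version=1.6` is used, and a bearer token for `https://graph.windows.net` has already been obtained.

```powershell
# Added example: IDs, token and role names below are placeholders/constructed values.
$TenantId = '<tenant-id>'
$AppObjId = '<application-object-id>'         # Application object: owns the appRoles list
$SpObjId  = '<service-principal-object-id>'   # the app's ServicePrincipal: resourceId of assignments
$UserId   = '<user-object-id>'
$Token    = '<access-token-for-graph.windows.net>'
$Base     = "https://graph.windows.net/$TenantId"
$Query    = '?api-version=1.6'
$Common   = @{ Headers = @{ Authorization = "Bearer $Token" }; ContentType = 'application/json' }

function New-AppRole([string]$DisplayName, [string]$Value, [string]$Description) {
    # The role value is what appears in the token's "roles" claim; it must not contain spaces.
    if ($Value -match '\s') { throw "Role value '$Value' must not contain whitespace" }
    [pscustomobject]@{
        id                 = [guid]::NewGuid().ToString()
        displayName        = $DisplayName
        value              = $Value
        description        = $Description
        isEnabled          = $true
        allowedMemberTypes = @('User')
    }
}

# 1. Define the roles (constructed sample roles) and reject duplicate values up front.
$newRoles = @(
    New-AppRole 'Reader'   'Reader'   'Read-only access'
    New-AppRole 'Approver' 'Approver' 'Can approve requests'
)

# 2. Read the current roles and send the merged list, so existing roles
#    are not dropped when the appRoles collection is written back.
$app    = Invoke-RestMethod -Method Get -Uri "$Base/applications/$AppObjId$Query" @Common
$merged = @($app.appRoles) + $newRoles
$dupes  = $merged | Group-Object value | Where-Object Count -gt 1
if ($dupes) { throw "Duplicate role values: $($dupes.Name -join ', ')" }
$patch  = @{ appRoles = $merged } | ConvertTo-Json -Depth 5
Invoke-RestMethod -Method Patch -Uri "$Base/applications/$AppObjId$Query" -Body $patch @Common

# 3. Assign one user to the first new role. "id" is the role's GUID,
#    "resourceId" is the ServicePrincipal object ID, not the Application object ID.
$assignment = @{
    id          = $newRoles[0].id
    principalId = $UserId
    resourceId  = $SpObjId
} | ConvertTo-Json
Invoke-RestMethod -Method Post -Uri "$Base/users/$UserId/appRoleAssignments$Query" -Body $assignment @Common
```

Scripting the assignments this way also gives you a reviewable record of who holds which role, which the portal workflow described in the question does not.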