First the justification. Typically a CMS is a public facing application, with a backend system where the site admins will publish content etc, and then the public side where the public / authorized members can view content. Umbraco is built for this, and hence has 2 totally independent authentication systems - one for the backend and one for the content.
We want to use Umbraco in an intranet environment, authenticated against Azure AD, such that if any user successfully authenticates against the tenant, they get to view all the content, and if we have their e-mail address in our admin users table (or they are a member of a particular Azure group), they can get backend access. Bottom line, I don't want 2 separate user lists, just one, where we can selectively grant backend access to particular users.
I have researched this quite a bit and cannot find a way to bend the built-in systems to do this, so instead I want to implement Identity such that it will behave this way - not having separate backend and frontend authentication.
There is no config option I can see to just disable Umbraco authentication altogether.
I might not fully get the issue here... But you should be able to set up the website in IIS to only be accessible if the user is part of your AD. This part is not Umbraco specific, I think - might even be as easy as enabling Windows authentication? (https://learn.microsoft.com/en-us/iis/configuration/system.webserver/security/authentication/windowsauthentication/)
And then you could further setup Umbraco to use AD as auth for the backoffice (https://our.umbraco.com/documentation/Reference/Security/#authenticating-with-active-directory-credentials - see also https://github.com/umbraco/UmbracoIdentityExtensions).
Looks like you could then simply add your Umbraco admins using their AD username - then they should have access to the backoffice automatically. So your "admin user list" would be Umbraco itself.
Again, sorry if I didn't quite understand your question.