You are developing an Azure web application that requires user authentication using Entra ID (formerly Azure AD). You need to ensure that only users from a specific group within your Entra ID tenant can access a particular feature of the application. Which of the following approaches should you implement to achieve this requirement?