The repository https://github.com/mattruma/SampleAzureADAuthentication has a couple of a sample ASP.NET MVC Core 2.2 applications demonstrating how to authenticate a user against Azure AD and authorize a user based on Security Groups in Azure AD.
The first example uses a custom IAuthorizationFilter to look at the groups in principal claims.
The second example uses a custom AuthorizeAttribute, primarily so I could pass in an array for string values, in my case, constants. This example also uses OpenIdConnect and adds roles claims for the each of the group claims.
There were even a few more other ways to do this, but these I found to be the straight forward.