azure application security groups
Please allow to add any resource to application security groups not only virtual machines. Maybe this is possible, but documentation only references vms.
Maybe allow to add AD registered apps, managed identities.
Maybe allow to add resource groups to ASG that covers all resources in that rg. This wil allow all resources in a rg to access resources in another rg.
Basically it should be easy to add resources to groups as you would users in AD.