Issue in signing into portal through Azure AD.
Note: if you are using the Authenticated and Anonymous User Web Roles by default they have a checkbox ticked on them that when checked means their Permissions will be automatically inherited by a logged in user or someone not logged in respectively (i.e. you do not need to directly assign them to users).
For logging in and registering, it kind of depends on what you have turned on/off with the Authentication settings.
If you have turned off Open Registration, then you will generally Create and then Send Invitations to existing Contact records (when the user redeems the invitation it will link their Azure AD to the Contact record). The Create Invitation button is initially only available on the Portal Contact form (not the standard Contact form) on the Contact table. The Invitation has a subgrid where you can attach Web Roles.
If you are only enabling Azure AD (and disabling all other identity providers including Local Login), what you can do is leave Open Registration turned On, and only your Azure AD users will be able to self register. You can also create a Group in Azure to add a subset of users to, and then in the Application (for your Power Pages Site) in Azure restrict access to members of that group against the App (doing so, only that subset of users will be able to register). If there are existing Contact records for your AD users there is also an additional setting on the Power Pages Identity Provider where you can turn on Email mapping when turned on if the AD Users email address matches an existing Contact records email it will link them and if no match creates a new Contact record.
In the Power Pages designer you generally get some buttons etc to setup and configure, but behind the scenes it is just setting Site Settings
Site Settings