Explanation:

SSL certificates linked to an IP address.
Firewall rules that allow or deny traffic using IP address ranges.
DNS name resolution, where a change in the IP address would require updating host records.
Role-based VMs such as Domain Controllers and DNS servers.
IP address-based security models which require apps or services to have a static IP address.

Exception:

PS C:\WINDOWS\system32> Get-AzManagementGroup -GroupName XDK_Organisation_Root

Get-AzManagementGroup : The client 'live.com#XXXXXX@XXXXXX.com' with object id '51bf3892'
does not have authorization to perform action 'Microsoft.Management/managementGroups/read' over scope
'/providers/Microsoft.Management/managementGroups/XDK_Organisation_Root' or the scope is invalid. If access was recently
granted, please refresh your credentials.
At line:1 char:1
+ Get-AzManagementGroup -GroupName XDK_Organisation_Root
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzManagementGroup], CloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Resources.ManagementGroups.GetAzureRmManagementGroup

Solution:

The Global Administrator account in Azure AD might not have access to all subscriptions and management groups in the directory. The solution is to elevate the global administrator account in Azure AD to access all subscriptions and management groups.

Azure portal --> Home --> Azure Active Directory -->Properties --> Select "Yes" --> Save.

Explanation:
Go to HOME --> Azure Active Directory --> Devices --> Device settings.

Open Apple Safari and navigate to Azure Active Directory Device Registration service Over-the-Air Profile endpoint for iOS devices.
https://enterpriseregistration.windows.net/enrollmentserver/otaprofile/<yourdomainname>

Where <yourdomainname> is the domain name that you have configured with Azure Active Directory.

https://enterpriseregistration.windows.net/enrollmentserver/otaprofile/xavierdilipkumar.com

Open Apple Safari and navigate to the Device Registration Service (DRS) Over-the-Air Profile endpoint for iOS devices.
https://adf1s.contoso.com/enrollmentserver/otaprofile

1. Log on to the webpage by using a domain account credentials
2. You are prompted to install a profile. On the Install Profile screen, click Install.
3. When prompted to confirm installation of the profile, click Install Now.

4. If your device requires a PIN to unlock the device, you are prompted to enter your PIN.
5. The profile installation is finished when you see the Profile Installed screen. Click Done.
6. Return to Safari. A message informs you that you can close or leave Safari.

Goto HOME --> Azure Active Directory --> Devices --> All devices

Explanation:

By default, applications registered in an Azure AD tenant are available to all users of the tenant who authenticate successfully.

To restrict registered apps from users in Azure AD tenant:
Go to HOME --> Azure Active Directory --> Enterprise applications --> All applications --> <select app> --> Manage - Properties --> "User assignment required?" to Yes

Explanation:

Go to HOME --> Azure Active Directory --> Custom domain names --> Add custom domain --> Enter your custom domain name  --> Add domain

To use xavierdilipkumar.com with Azure AD, create a new TXT record with your domain name registrar using the info provided in the screen

Click Verify