Restrict access to AD application, using AD group via Azure Portal

Inside of my Azure Active Directory setup, I have the following:

Groups:

• An AD group for my application (with several users in it)

App Registrations:

• An AD application for my SPA

I want to restrict access to this SPA (AD app) to only users in the AD group I created for my application.

At the moment, anyone in my org can log in to the SPA.
I don't want this.

How can I prevent people outside of this AD group (but still in my org) from logging in to my AD app?

You can refer to this document to restrict Azure AD applications to a group of users in an Azure AD tenant.