We can already drive most security configuration from outside of Dataverse in Azure Active Directory (AAD) through group teams, but we can't assign a business unit to a user without a manual intervention on the environment.
Workarounds exist, but they involve implementing custom logic.
Business unit assignment to users is a crucial piece of Dataverse security modeling, as the records created by a user are by default owned by the user's business unit. Also, as all users are created in the root business unit, this means that without any configuration, all records are by default owned by the root business unit.
Ask is to support user business unit assignment from Azure AD security groups.