Contoso's developer team has specific requirements for accessing resources in Sub1 using their current contoso.onmicrosoft.com credentials. Additionally, it is crucial that the membership of the ContosoDevelopers group is verified on a monthly basis. Given these criteria, what should you create in Azure AD to fulfill these requirements?