The concept of virtual users may differ slightly from your understanding. Think of them as a temporary representation of a user that could get its data from anywhere e.g. your azure providers.
Without virtual users, the default is that all user details are stored in the core aspnet membership tables. Virtual users allow people to 'login' but wouldn't create associated database records.
One common scenario, which it sounds like you are using, is that user and role data is held elsewhere (azure/ad). At the point this data is queried a virtual user is created with the associated roles / profiles etc. As sitecore then evaluates security this virtual user data is used.
The advantage of using them over something like session is that all the sitecore security layers will respect the data held in them. If you did something custom that would require lots of dev effort.
There is no link between virtual users and licence based users - licence's typically allow concurrent editors to the cms which is a different concept to 'users'.