I followed the recommendation and did the below steps in my test environment. I wanted to make sure that these steps assure me that I have given the minimum permission to only read and export data from the database for the new group.
1. I have created the group in AD and made it member of DOMAIN USERS.
2. Added the group to SQL Server with PUBLIC role.
3. Added the group to the Database
- No default schema assigned
- Doesn't own a schema
- Has a DATA READER database Role.
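
One way to check the setup described in the post above from the SQL Server side, as an added example that is not part of the original post. The group name `DOMAIN\ReadOnlyGroup` and database name `TestDb` are placeholders, and the queries assume the login and the database user share the group's name.

```sql
-- Added example: DOMAIN\ReadOnlyGroup and TestDb are placeholder names.
DECLARE @principal sysname = N'DOMAIN\ReadOnlyGroup';

-- 1. Fixed server roles held by the login. Membership in public is implicit
--    and is not listed here, so any row is a role beyond public.
SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = m.member_principal_id
WHERE p.name = @principal;

-- 2. Server-level permissions granted or denied directly to the login
--    (a login that can connect holds CONNECT SQL).
SELECT sp.permission_name, sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.server_principals AS p ON p.principal_id = sp.grantee_principal_id
WHERE p.name = @principal;

USE [TestDb];

-- 3. Database roles held by the user; the setup in the post assigns
--    db_datareader.
SELECT r.name AS database_role
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS p ON p.principal_id = m.member_principal_id
WHERE p.name = @principal;

-- 4. Permissions granted or denied directly to the user, outside any role.
SELECT dp.class_desc, dp.permission_name, dp.state_desc,
       OBJECT_SCHEMA_NAME(dp.major_id) AS schema_name,
       OBJECT_NAME(dp.major_id)        AS object_name
FROM sys.database_permissions AS dp
JOIN sys.database_principals AS p ON p.principal_id = dp.grantee_principal_id
WHERE p.name = @principal;

-- 5. Default schema of the user (NULL when none is assigned) and any
--    schemas the user owns.
SELECT p.name, p.type_desc, p.default_schema_name, s.name AS owned_schema
FROM sys.database_principals AS p
LEFT JOIN sys.schemas AS s ON s.principal_id = p.principal_id
WHERE p.name = @principal;
```

Permissions granted to the `public` role at server or database level also apply to the group, so the same permission queries are worth running with `public` as the principal.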