Comment by subscribed

We use Entra as our source of truth for users, groups, roles, permissions, intune, etc.

It get distilled down to various LDAP servers, but it's our primary SSO with MFA (several options, WebAuthn, U2F, TOTP, passkeys).

Our users (using various flavours of Linux/Windows 10, 11/Mac workstations, iOS/Android phones (inc. GrapheneOS), windows VDI) are simply enjoying the reliable authentication everywhere. Some time ago we added all our customers and all the customer services are on SSO+MFA on Entra too.

We protect almost everything with it and it "just works". Linux, windows servers, git* servers, integrations with colocation providers and suppliers, ancient things like odd IPsec, svn server or console switch.

Seriously if someone tells you your Linux or android is a problem, they're either lying or dangerously incompetent.