[hirako2000]

The argument is that because so much is now cloud services in the browser, it makes centralised AD far less holistic hence better assess the cloud services settings for compliance. There is some truth and risk in that, go reset the password of those 3 services not supporting SSO. Reality about security is to deal with the admin trouble, MS isn't removing processes, education, trust, and their costs, it likes to give the impression that it does hence asking you money for removing the difficult invonvenience of actual security needs