by briHass 806 days ago
AD is also better and more feature complete. It was born out of necessity, but it's had decades of refinement in thousands of deployments that the OSS solutions haven't had.

So, why does Microsoft want to kill AD and move everything to their cloud?
Because AD is a security nightmare. It is a collection of ~30 distinct protocols, e.g. bastardized versions of LDAP, Kerberos, DNS, DHCP, X.509 and a few RPC protocols that are all weirdly intertwined, with 30-year-old designs. Every few months there is another CVE like "oh, we forgot to checksum and sign that one field over there, please install this incompatible patch or you will have unauthed RCE". Since all those patches make things break, there are a lot of vulnerable AD installations out there, because most people need to be on "compatibility settings" that are insecure. And even the "secure" settings drop a CVE every few months.
They want you to move everything to the cloud, for obvious reasons. However, if you have on-prem/non-cloud servers, AD is still in the mix. They actually recommend running an AD DC as a VM in the cloud as a backup and to integrate cloud resources in scenarios that are more complex than Entra and Intune can handle.
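The "compatibility settings" the reply above refers to are mostly registry-backed enforcement switches on the domain controller that shipped in "audit" or "negotiate" mode and have to be moved to "enforced" by hand. The script below is an added example, not code from either commenter: it reads the documented registry values for LDAP signing, LDAP channel binding, SMB signing, Netlogon secure-channel enforcement and Kerberos PAC signature validation on the local DC and reports which ones are still at a compatibility level. The registry paths and value names are Microsoft's; the `$checks` table, the enforced-value thresholds and the "Enforced"/"Compatibility" labels are this example's own framing and should be checked against the current KB articles for your patch level.

```powershell
# Added example (not from the original thread): audit hardening switches that
# commonly sit in "compatibility" mode on a domain controller.
# Run in an elevated PowerShell session on the DC itself.
# Registry locations are the documented ones; the table below and the labels
# are this example's own assumptions, not an official Microsoft checklist.

$checks = @(
    @{ Name = 'LDAP signing (server)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
       Value = 'LDAPServerIntegrity'; Enforced = 2
       Meaning = '0/1 = signing negotiated only; 2 = signing required' },
    @{ Name = 'LDAP channel binding'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
       Value = 'LdapEnforceChannelBinding'; Enforced = 2
       Meaning = '0 = never; 1 = when supported; 2 = always' },
    @{ Name = 'SMB signing (server)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'
       Value = 'RequireSecuritySignature'; Enforced = 1
       Meaning = '0 = negotiated; 1 = required' },
    @{ Name = 'Netlogon secure channel enforcement'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
       Value = 'FullSecureChannelProtection'; Enforced = 1
       Meaning = '0 = vulnerable connections allowed for listed accounts; 1 = enforced' },
    @{ Name = 'Kerberos PAC signature validation'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
       Value = 'KrbtgtFullPacSignature'; Enforced = 3
       Meaning = '0 = off; 1 = add only; 2 = validate when present; 3 = enforce' }
)

function Get-HardeningState {
    param([hashtable]$Check)
    $current = $null
    try {
        $item = Get-ItemProperty -Path $Check.Path -Name $Check.Value -ErrorAction Stop
        $current = $item.($Check.Value)
    } catch {
        # Key or value absent: the OS default for this patch level applies.
        # Flag it for review instead of silently treating it as hardened.
        $current = $null
    }
    $state = if ($null -eq $current) { 'Default (not set)' }
             elseif ([int]$current -ge $Check.Enforced) { 'Enforced' }
             else { 'Compatibility' }
    [pscustomobject]@{
        Setting = $Check.Name
        Value   = $Check.Value
        Current = $current
        Target  = $Check.Enforced
        State   = $state
        Meaning = $Check.Meaning
    }
}

$results = $checks | ForEach-Object { Get-HardeningState -Check $_ }
$results | Format-Table Setting, Value, Current, Target, State -AutoSize

$weak = @($results | Where-Object { $_.State -ne 'Enforced' })
if ($weak.Count -gt 0) {
    Write-Warning ("{0} of {1} settings are not explicitly enforced on this DC." -f $weak.Count, $results.Count)
    $weak | ForEach-Object { Write-Host ("  {0}: {1}" -f $_.Setting, $_.Meaning) }
}
```

Two caveats when reading the output. A value that is absent means the operating-system default applies, and that default has changed across cumulative updates for several of these switches, so "Default (not set)" is a prompt to check the relevant KB, not a finding on its own. And settings pushed by Group Policy land in the same registry locations, so a "Compatibility" result on a GPO-managed DC means the policy itself is set that way, which is exactly the situation the comment above describes.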