To be honest, Microsoft is in general really clunky when it comes to auth. Azure is a forest of browser redirects, re-logins, wrong tenants. Teams doesn't do multi-tenancy ala Slack and Discord. School/work or personal account? You really shouldn't have to choose, just log the user in. If you can't do that, you've failed.
I think their oauth service is really decent and easy too use (comparatively, since oauth is its own hell in my opinion, I want to join the "basic auth isn't unsafe-club").
For a company that large, it really does login you to many websites if you authenticated at your own third party app of questionable origin. Not every site, but I think office and azure are covered (with corporate accounts at least, which are treated differently I belive).
That said, I really, really dislike using such large auth providers because there are repercussion for anonymity and behavior spying. Microsoft doesn't need to know which services I use. I don't use my private MS account for anything, especially not for Windows.
I wouldn't want to save user info for my webservices anymore, but if I have to I would recommend specialized auth providers like auth0. Don't give that to big tech too.
