The most uncomfortable part is their login. The amount of redirects and glitches there is insane. It's hard to believe that it works as intended.
As an example, for some reason I could not download the BAA because trying to download it led to a login loop on their trust website, while I was still able to see the Azure console OK in the same browser.
When I signed out of my Azure account to try if a fresh login helped, it did not trigger my 2FA at the next login. In my mind, if I actively logged out from a browser window, I withdraw my trust in that device. So not being triggered for 2FA is a massive red flag.
(No, I still could not download the BAA, nor file a ticket for it, but somehow a colleague could download it OK.)
Look at the CVEs for Azure, MSAL and Active Directory for some good laughs.
Now realise most governments, large companies and education work on this.