I also recommend this. EntraID is pretty handy and it was a fairly painless experience to get everyone using the Microsoft authenticator app on their phone for MFA. SSO via a registered app in Azure is just an added bonus.
Our typical user reaction is something like "Oh, like my banking app?" when we enroll them in MFA