Especially because if you use azure ad (or entra now) as a backend behind okta (as we do at work too), you now have two vendors that might get hacked instead of one. If I have a valid azure cookie it bypasses all IDP login rules (eg this cloud service may only be connected to from the company network).
Also, Microsoft and Google have one big thing in their favour: they run consumer services with billions of customers that they get a ton of experience from. And which are a huge target which rarely gets breached.
Those consumer services are not running on the same IDP services e.g. "Entra ID" but as a company it does prove they know what they're doing. I have to give them that. I know MS got breached recently too but they have a decent track record overall. Saying this as a MS critic by the way.
Also, Microsoft and Google have one big thing in their favour: they run consumer services with billions of customers that they get a ton of experience from. And which are a huge target which rarely gets breached.
Those consumer services are not running on the same IDP services e.g. "Entra ID" but as a company it does prove they know what they're doing. I have to give them that. I know MS got breached recently too but they have a decent track record overall. Saying this as a MS critic by the way.