The MDM stuff is there now, and platform SSO works pretty well, at least with Entra and Okta (the only two I have experience with). Both JamF and InTune support it, I'm sure all the other MDMs do as well.

The only time macs can be a bit of a headache is if you are still using all on-prem AD & group policy and trying to force them into that environment via joining the mac to AD.

Microsoft is forcing everyone onto Azure AD or whatever so that should fix that.

Last time I dealt with Apple MDM was integrating it with on-prem AD and it was a pain. I know it’s better now because last few “gigs” have used it and it’s been pretty seamless with Microsoft Authenticator for Teams. (Ugh!)