With "Microsoft" Identity Provider, do we really need federated Active Directory with Kerberos anymore?

I’m at an ISV selling on-prem software bundled with Keycloak to fairly mature IT shops running Active Directory for thousands of employees.

It seems like the “Microsoft” identity provider gives a much better employee user experience, with way less hassle, than federation with AD and setting up Kerberos for auto-login from the Windows desktop/browser. Am I missing something? Does anyone have a sense of the proportion of larger shops that have AD and are sophisticated enough to support Kerberos for apps but not “Microsoft” authentication?

Kerberos had been the only option for years and still is for some old Windows setups. This is why it’s still present in Keycloak.