With SSO enabled, it would be nice to disable the ability to login with legacy email logins so that we can just use Azure SSO for admin/user logins. If someone with an email in the system tries to log in, it give it a message saying they need to use SSO to login.
I contacted Sophos in regards to this yesterday. If companies are centralising their identity to use AAD for whatever reason, it doesn't make sense why we would want to keep local logins alive also. With the all time companies put into AAD security including MFA plus reporting etc, local logins bypasses all of that.