RDP to Azure hosted VM using Office 365 Account

Duncan Long 0 Reputation points
2024-07-23T22:41:43.9233333+00:00

Goal: Manage authentication (preferably MFA) on Azure with Microsoft Entra ID using Office 365 accounts, and use this to authenticate logins (RDPs) to our Azure hosted Virtual Machines that are running Windows Server 2022.

Short history:

  • VMs were set up with Windows Server 2022 and with local accounts, and RDP ports open (before my time)
  • Office 365 accounts created for the team (before my time)
  • We were able to log in to remote machines with local accounts, but not with Office 365 accounts, which would not RDP at all (login failed on RDP login page)
  • I added role assignments to the VMs for the appropriate Office 365 accounts (tried both 'Virtual Machine Administrator Login' and the user one)
  • We could then use the Office 365 accounts to pass the RDP authentication, but the VM would reject the login and we saw an error message on the screen of the VM. Error read: "The sign-in method you're trying to use isn't allowed. Try a different sign-in method or contact your system administrator."
  • In researching this there were a number of different solutions all of which I've tried and failed:
    • Apply MFA to users (this then made RDP fail)
    • Tried the 'Use a web account to sign in to the remote computer' setting in RDP Advanced tab
    • Tried Azure joining the VMs
    • Tried Entra Domain Services
    • Tried setting up a Domain Forest and Domain Controller on VMs within the same subnet (note: removed Azure join and domain joined the VMs)
    • Tried Microsoft Entra Connect (was able to get local accounts to sync up to Azure, but not the Office 365 accounts to sync locally to the VMs)

If anyone knows how to do this, I've spent too much of my life on this, haha. Seems like it should be so easy... and I'm way deeper down the rabbit hole than I'd like. Help!
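As an added example (not part of Duncan Long's post), here is a PowerShell checklist for the three prerequisites the post touches when signing in to an Azure VM with an Entra ID account: the AADLoginForWindows VM extension, a Virtual Machine Administrator/User Login role assignment scoped to the VM, and an RDP file that requests Entra authentication. It assumes the Az PowerShell module is installed and signed in; the resource group, VM name, UPN and address are placeholders.

```powershell
# Added diagnostic, not from the original post. Placeholder values must be replaced.
param(
    [string]$ResourceGroup = "<resource-group>",
    [string]$VmName        = "<vm-name>",
    [string]$UserUpn       = "user@contoso.example",   # placeholder Office 365 account
    [string]$Address       = "<vm-public-ip-or-dns>"
)

$vm = Get-AzVM -ResourceGroupName $ResourceGroup -Name $VmName

# 1. The Entra login extension must be installed and provisioned successfully;
#    without it the VM cannot validate an Entra ID sign-in at all.
$ext = Get-AzVMExtension -ResourceGroupName $ResourceGroup -VMName $VmName `
        -Name "AADLoginForWindows" -ErrorAction SilentlyContinue
if (-not $ext) {
    Write-Warning "AADLoginForWindows extension is missing on $VmName (publisher Microsoft.Azure.ActiveDirectory)."
} elseif ($ext.ProvisioningState -ne "Succeeded") {
    Write-Warning "AADLoginForWindows provisioning state is '$($ext.ProvisioningState)'."
}

# 2. The user needs a VM login role at (or inherited above) the VM scope.
#    Administrator Login grants local admin; User Login grants a standard user.
$loginRoles = @("Virtual Machine Administrator Login", "Virtual Machine User Login")
$roles = Get-AzRoleAssignment -SignInName $UserUpn -Scope $vm.Id |
         Where-Object { $_.RoleDefinitionName -in $loginRoles }
if (-not $roles) {
    Write-Warning "$UserUpn has no VM login role assignment at scope $($vm.Id)."
} else {
    $roles | ForEach-Object { "Role OK: $($_.RoleDefinitionName) at $($_.Scope)" }
}

# 3. Write an RDP file that asks the client to authenticate with an Entra account.
#    enablerdsaadauth:i:1 is the setting behind the 'Use a web account to sign in
#    to the remote computer' checkbox; targetisaadjoined:i:1 is the older path and
#    also requires the connecting client device itself to be Entra joined.
$rdp = @"
full address:s:$Address
enablerdsaadauth:i:1
"@
$rdpPath = Join-Path $PWD "$VmName-entra.rdp"
Set-Content -Path $rdpPath -Value $rdp
"RDP file written to $rdpPath"

# 4. Client-side: with the older targetisaadjoined flow the connecting device must
#    show 'AzureAdJoined : YES' here; this is only informative for the web-account flow.
(dsregcmd /status) | Select-String -Pattern "AzureAdJoined|DomainJoined"
```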
