Hi, @Simon Harrison Welcome to Microsoft Q&A Thanks for reaching out.
We can't use MFA as the VM is executing in server mode
Not sure why you cannot use the interactive mode called also in SSMS “Universal with MFA”
First of all, there is no MFA if not enabled at the AAD level. For SSMS when you indicate the AAD user, this mode will ask you interactively to type a password and with this information, it will authenticate to the Azure SQL database. For application, the type of this mode is “Interactive”
Coming to Azure AD Integrated mode.
Not much can be done at SQL lever. You need to federate your domain with the Azure Active directory.
I am not a Linux expert, however, I am checking with the Internal product team to provide you with more details. but for Windows OS that uses Active Directory (AD), the Windows domain must be federated with AAD (in this example an AD is synchronized/federated with AAD). That allows using Windows authentication.
See more here Azure AD Connect: Supported topologies | Microsoft Learn and Azure AD Connect sync
Regards
Geetha