I think that is the best approach to use Azure AD and the benefits are vast and some of the points I have listed below, also you can deploy Intune to manage the devices and manage BYOD model.
Security wise you can monnitor and control the users, devices via Conditional Access policies, Sentinel for monitoring and alerts. OneDrive and SharePoint is part of the O365 suite, so SAAS based app model to integrate with your Salesforce and SSO.
More details over here for Licenses and features that will assist you to understand - active-directory-whatis
Azure Active Directory (AAD)
(Microsoft Cloud Directory service)
Despite its similar sounding name to traditional Active Directory, this is a different service that is hosted by Microsoft and is the top-level object in Microsoft Cloud (O365, D365 and Azure).
Contains user, group, and contact objects.
Windows 10 and newer computers can join AAD while older operating system machines cannot.
Can be synchronized with a Windows Server AD (see above) via the ADConnect tool so the same username and password can be used for both.
Supports Active Directory Federation Services (ADFS) where authentication requests in the Microsoft Cloud are redirected to AD for validation and then redirected back to the cloud to access resources.
Azure Active Directory Domain Services (AAD DS)
(Microsoft’s alternative to Windows Server AD in Azure)
An Azure hosted, Microsoft managed AD.
Most of the same capabilities as traditional, on-premises Windows Server AD with some limitations due to lack of administrative access to the actual domain controllers (Microsoft manages that).
Synchronizes with AAD (which is synchronized with on an on-premises Windows Server AD) and allows VMs running in Azure to join it regardless of the type of Windows OS (e.g. Windows 10/8/7 or Server 2008/2012/2016/2019).
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.