Best practices for service accounts using Entra as an SSO

Article ID: 424578

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • The goal is to set up Entra ID as the primary SSO for vSphere.
  • There are concerns about the best practices for handling service accounts.
  • There are questions about how to enforce MFA with Entra and how that workflow works.
  • Information is needed on whether or not to use local accounts.

Environment

vSphere 8.x

Resolution

For best practices, see KB 322179 "Configuring Microsoft Entra ID for vCenter Server" and KB 422002 "After configuring Entra ID as a valid identity source, login via "Sign in with local account" allows login bypassing Entra ID."

As for setting up and using local accounts, this is done from within Entra; the accounts are then mapped to privileges in vCenter.

Additional Information

See the above KBs, as well as VMware vSphere SDKs and Tools 8.0 "VMware Identity Broker" and "vSphere Permissions and User Management Tasks" for more information.

Note: It is up to the third-party application to support an authentication method other than a password.