Local account with MS account added after, because 365.
IMO this is the best way. All the benefits of both with the drawbacks of neither.
One of my many hats is MS Tenant admin/Enterprise Admin for a couple of firms. I've watched the mess Microsoft have made-and-mostly-cleaned-up as they tried 50 ways from Sunday to reach a viable way of dealing with the shift to "cloud". To date, I can see (have seen, have fixed, have made group policies to block) bad things caused by MS accounts for login, and have yet to miss out on anything by using local accounts - if you can call hybrid on-prem/AzureAD accounts "local".
Microsoft will not ever cripple local accounts as long as they're selling Windows Server with local domain controller roles. Those are paying enterprise customers who make up the overwhelming majority of Microsoft's customers by revenue. Most of them are Office365 and AzureAD subscribers too. If they piss off those customers too much, Microsoft is done, because the customers like me who buy thousands of CALs, O365 users, and deal with account admin are experienced enough to know that MS are no longer the only game in town. We stick with Microsoft because it's easy and convenient, not because it's good.