Having to use the non integrated account breaks security policies, as I cannot control password rotation, or enforce MFA (when used in a connection string).  Specifically we are connecting an entity store PaaS Database to D365 db using the functionality within the D365 Admin area.  Having this use an AD integrated account would solve this because I use a ERPM from Lieberman to enforce password rotation on service accounts which then would flow via AD Connect to Azure AD.  Then AX admin simply has to pull updated pw from repository to update the string.