We use Microsoft OpenID connect with and works fine, with one “but”….. it is not possible to create Indicium/IAM logins for Microsoft Accounts without adding them into our own Microsoft 365 tenant? Like you do with Google OpenID connect?
Power users can create IAM users with for example a hotmail or outlook.com email addresses. When these users login with Microsoft Open ID connect on our Indicium login is possible and get this “error”

When we create Azure AD guest users for these accounts to login is possible. But we do not want use our tenant for IAM app logins. Technically it’s possible when you use “COMMON” , see: Microsoft identity platform en OpenID Verbinding maken protocol - Microsoft identity platform | Microsoft Docs