You can now join Windows 2019 Server to Azure AD using Azure AD domain Join. This uses Azure Active Directory (AD) authentication for Azure virtual machines running Windows Server 2019 Datacenter edition or Windows 10 1809 and later.
This provides a centrally controlled, policy driven method for logging on to VMs and authenticating using Azure AD.
This is carried out by using Azure tools such as Azure AD Conditional Access for MFA and Azure Role-Based Access Control (RBAC) to control access.
The video below shows how to create and configure a Windows Server 2019 VM to use Azure AD domain join with the Azure portal.