The other day I got around to finally learn some COM/DCOM, and realized Windows had microservices built in for 2+ decades, and with better protocols and security...

I'm not sure I understand your comment. Active Directory is Microsoft's proprietary tech that is a modification of the Kerberos standard, reimplemented most notably in Samba, but client solutions (open and proprietary) also exist.

Group permissions predate AD by decades, PAM by a few years. SSO in today's form is a web phenomenon, so a web-oriented solution makes more sense, and there is a lot of work being done in this direction.

Windows isn't used in academia.

So you get new grads that are re-inventing the wheel.