Ive worked in all of those too.
As a PMP and CISSP.
The only large companies, or government agencies I’ve seen not using such functionality, when available, are those that can’t figure out how to get it properly configured, or whose legacy systems are not compatible.
And those who have smart senior engineers. Which is rare now days.
IT mgmt believes in the myth of a single pane of glass. They believe it will allow them to reduce staff significantly.
And the stupid runs deep and wide in government networks which do not have an air gap.
Most orgs don’t have the brain trust required to implement and maintain a proper PKI and managed identity platform, both of which are critical to secure communications in C&C infrastructure. I’m a CISSP and have been involved with PKI implementation and management for 10 years. It’s the Achilles heel of many orgs.