You can always pick other components for those things. Many enterprises do this also because the included parts in M365 are usually pretty mediocre compared to AAA solutions that specialise in that part. For example dedicated MDMs are better than Intune. Dedicated IDPs are better than Entra AD. Dropbox is better than OneDrive, slack is way better than teams (to be fair, anything is better than teams :) )

The big benefit of the MS package is that you get it all for one price. And that it's integrated so you have less configuration. But they're not deal-breakers. That's why parties like Okta and MobileIron still exist. Airwatch was also really good but VMware screwed them up like they screw everything up.

But M365 is not the only game out there. Unless you're limiting yourself to wanting exactly what M365 is. Then it's only that yes.

Many governments have their own MSPs (managed service provider) who could host any open source software, just as they are likely in charge right now of many Microsoft admin tasks. And if the government doesn't have one but a branch office wants a regional branch wants a keycloak instance they can always get an MSP for that

I do like your vision of a unified full replacement version. But even just gathering everyone's requirements for that seems like a near impossible task that would take years. And the end result would almost certainly end in a mess that's too restrictive for some, unusuably unsecure for others, and have a set of apps that will always be slightly wrong and difficult to change. These huge top-down solutions rarely work well