Q. Why should I have an unfederated account in my Azure AD instance?
A. As a best practice if using ADFS for authentication you should also have at least one account in your Azure AD instance that is an unfederated account. The reason for this is simply that if ADFS experiences a problem then you would be unable to login and manage any of your Azure assets. By having an account in Azure AD that is unfederated you will be able to authenticate to Azure AD even if federation is not working and this will enable you to troubleshoot and remediate the issue. This is not required but is a good idea.