Concerning the Azure addon and the MS Cloud addon, essentially it's just different ways to collect the logs. There is some overlap as well as some that are exclusive to each addon. This blog post covers it:
Either way will get roughly the same logs with few exceptions, so choose whichever one makes you happy.
Concerning use cases, the easiest way to build those out would be to use Splunk Security Essentials and adapt the searches to fit your Azure AD logs. The Splunk community has also released an app to help with Azure-specific security data: