1. MAB can be configured to authenticate users against Azure AD ,it supported from R80.40.
2. In MAB, browsing directly to a portal link uses the clientless option, while clicking the 'Connect' button invokes SNX.
Clicking on a link within SNX's category initiates a layer-3 VPN connection.
3. Currently we don't have any sizing information for Guacamole. ( if you deploy it on public cloud ,the solution is to use autoscale/vmss/mig)
4. SMS OTP ('DynamicID') is supported by MAB. The other two methods aren't directly integrated with MAB's portal, but MAB may support them if they can be configured as a . standard authentication server with multi-challenge authentication.
5. MAB's Guacamole support is fully integrated into R81 GA.