Consider the case of K2 5.3 configured with both K2 Windows STS and K2 Trust for Azure AD claims issuers enabled in USE FOR LOGIN.
If K2 is solely being used with SharePoint Online, then by definition all users are authenticated with AAD. The screen to prompt which authentication mode to use is a support challenge because of the extra prompt per day, and neophyte users often click "Windows STS" because it's on top and sounds more familiar to them.
Is anyone running K2 Five with only the "K2 Trust for Azure AD" claim issuer enabled for login? Might it cause any problems in managing or updating the K2 farm while logged into the servers with the Windows setup account?