What Does the "Use this account everywhere on your device" Dialog Do?

Yes, you are correct. Selecting the option to allow my organization to manage my device registers your device in your organization’s Azure AD. It is called Workplace Join.

It doesn’t mean much else than that. It will receive a certificate and it will be a recognized device. Some basic information about your computer will be registered in AD, such as OS type and version.

Should you use that device to access your organization’s Office 365 services, certain policies may take effect, like bypassing multi-factor authentication. Single sign-on may take effect allowing you to access other services your organization offers without having to sign in again. These are defined by your organization admins.

If you click Yes, as opposed to “this app only,” you will be signed in to your organization across multiple different Microsoft apps, like all Office applications.

If you choose not to use this option to allow your device to be managed, you will be prompted for authentication and possibly multi-factor authentication periodically. Depending on your organization’s policies, you may be unable to access certain services.

This setting can also break things in Windows/Office.

In Office, having your company email address added to this setting can prevent you from successfully changing your password for Office programs on the device if your Office 365 account password is changed.

It can also (I found out this morning) cause a network shared drive to think the files are encrypted when they are not, preventing access to or copying of data from the network drives.
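To check what the dialog actually did to a machine, the usual tool is `dsregcmd /status`, which prints the device's Azure AD join and Workplace Join state as `Name : Value` lines. The following is an added example, not code from the original answer: a small PowerShell function that parses that output into the three join flags, run here against a constructed, abridged sample of the output rather than a live machine. The parsing helper and the sample text are this example's own assumptions; the field names `AzureAdJoined`, `WorkplaceJoined` and `DomainJoined` are the ones dsregcmd prints.

```powershell
# Added example: read the device's Azure AD / Workplace Join state from dsregcmd /status.
# dsregcmd.exe ships with Windows 10/11. The parser and the sample text below are
# constructed for this example and are not part of the original answer.

function Get-DeviceRegistrationState {
    param(
        # Optional captured output (e.g. for offline testing); otherwise dsregcmd is run.
        [string[]]$StatusLines
    )
    if (-not $StatusLines) {
        $StatusLines = & dsregcmd.exe /status 2>&1
    }

    $fields = @{}
    foreach ($line in $StatusLines) {
        # Keep only "   Key : Value" lines; the +---+ banners and blank lines do not match.
        if ($line -match '^\s*([A-Za-z0-9 ]+?)\s*:\s*(.*?)\s*$') {
            $key = $matches[1] -replace '\s+', ''
            if (-not $fields.ContainsKey($key)) { $fields[$key] = $matches[2] }
        }
    }

    [pscustomobject]@{
        # YES/NO as printed by dsregcmd, turned into booleans.
        AzureAdJoined   = ($fields['AzureAdJoined']   -eq 'YES')   # device joined to Azure AD
        WorkplaceJoined = ($fields['WorkplaceJoined'] -eq 'YES')   # "Workplace Join" / registered device
        DomainJoined    = ($fields['DomainJoined']    -eq 'YES')   # classic on-prem AD join
        Fields          = $fields                                  # everything else, for inspection
    }
}

# Constructed, abridged sample standing in for a real "dsregcmd /status" run on a
# machine where the user clicked "Yes" in the dialog (device registered, not joined).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : NO

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

                    NgcSet : NO
           WorkplaceJoined : YES
             WamDefaultSet : YES
'@ -split "`r?`n"

# Offline run against the sample; drop -StatusLines to query the local machine.
$state = Get-DeviceRegistrationState -StatusLines $sample
$state | Select-Object AzureAdJoined, WorkplaceJoined, DomainJoined | Format-List
```

A result of `WorkplaceJoined : True` with `AzureAdJoined : False` is the state the answer describes: the device is registered in the organization's Azure AD and holds a device certificate, but it is not joined or domain-managed. If you want to undo the "Yes" choice, the registration is removed from Settings > Accounts > Access work or school by disconnecting the work account; rerun the function afterwards to confirm `WorkplaceJoined` has gone back to `False`.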