Microsoft has, by far, the absolute worst sign-on experience of any enterprise vendor I've ever used in any industry for any reason. Try to log in to AWS and you'll either get authed or a clear denial reason. Google Workspace? You're in or you're out. Enterprisey MS service like Outlook or Azure? Well, if you've logged in from that computer before, you might get to log in, but you may also have to hunt around for your organization login. I recently tried to log in to an org but it ended up creating a personal account with an email address at the org's domain, and then I couldn't sign in to the org because that account was already taken, and it took something like a week for the anti-fraud cooldown to let me delete the account and eventually re-register it inside the org.

For giggles, I just logged into my charity's Outlook account. I tried to log out, but it's showing me a "Your privacy matters" popup explaining why my privacy doesn't matter, and the "sign out" menu item stopped working, presumably until I agree to let them hoover my data. (Aside: the "To adjust your optional connected experience, go to Privacy settings." link doesn't take me to my privacy settings. It takes me to a page telling me how to get to my privacy settings.)

You cannot convince me that anyone at MS actually uses their public-facing auth system for anything ever. MS gets love for backward compatibility, but I see it as laziness. Instead of making one system that "just works", like Google and Apple and AWS and every other large vendor on the planet has managed, they half-ass support all 537 different auth systems they've ever deployed, driven by what I imagine must look like a giant nested switch/case behind the scenes. "OK, the user didn't have an "@" in their username, so call `legacy_pw_auth_23(form.password)`. It did have an "@", and also a "@minecraft." in it, so call `minecraft_v1_real_pw_authorizerer(form.password)`, unless it also contains `foo@minecraft.`, in which case call `minecraft_migration_2014_null(form.password)`, except in February, which has 28 days most of the time, where we call..." Heaven help you if it guesses wrong and sends you down the wrong twisty passage.

I'm far from a Google fanboy. I use their stuff for work, and it's alright, but it does not spark joy in my day. Still, I bet if the Microsoft Account login worked anywhere near as clearly, reliably, and rationally as Google sign-on, then Windows wouldn't get 1/10th the pushback we're seeing. If I couldn't authenticate to my own desktop any more reliably than I could auth to Outlook, I'd want nothing to do with it, either.

This is so true. When you log in to their website it bounces around through about fifteen different domains before it concludes. I'm nearly sure passport.com is still in there.