[kayoone]

this is not even touching on the security issues that arise from the fact skype does not support 2FA and the merged legacy accounts remain vulnerable.

[hpshelton]

You can disable login from secondary emails, recovery emails, your phone number, etc. using https://account.live.com/SignInPreferences.

[devereaux]

What do you mean?

If you have a outlook.com email, a merged a legacy skype account, and 2FA, what is the attack method that can be used against you?

[thewavelength]

As of my knowledge, you can log in to Skype without 2FA using an outlook.com-email-address even though it has 2FA enabled.

[hpshelton]

If you have proof of a repro for this, please reach out to our security team(s), but to the best of my knowledge this is false. 2FA works on both regular and merged Skype and Microsoft Accounts on all endpoints.