[joshribakoff]

They don’t enforce or even default to 2fa to change the account email. In addition, they have no process to get a human to reverse account takeovers. Just a web form that tells you to call a number that redirects you back to a web form

[hedora]

On the other hand, they aggressively log out legitimate users, and require the master Microsoft account password to log back in (because your kids need access to your one drive settings, etc).