Also nice to mention that some of those are connected and some are not. For example I have a personal account (that I did not create but appeared magically at some point; it behaves as totally separate), a work account (main work tenant) and three guest work tenants that share the password, but don't share the 2fa. For some apps you chose the tenant, but not for all.

Oh yeah it was more a joke than anything. Microsoft is just creating such a shitty environment. I can be logging in from my company portal where they know the identifier yet I still have to add @company.com. I mean I got one for my job, for my university, for conferences (CMT), and I swear I'm forgetting 30 others that I only use once in a blue moon.

They also are real shady with yubikeys. You can't set them as default but you can set "security key." So the process ends up being it assuming you want to use Hello (which breaks my Outlook... wtf), clicking use another device, security key, clicking next, then finally typing in your credentials. The next part makes me real suspicious since all the other dialogues go to the next page without clicking next. Why just this page? It's some weird dark pattern bs.

I'd call it malicious, but I think maliciousness requires intent. A chicken running around with its head cut off isn't really malicious if it runs into you.

You can use these “features” to hijack accounts too ;)

I’d call them bugs, but they’ve been reported and didn’t get fixed.

indeed, with an incoming Teams meeting invite, it should be determinable from the sender's context which account should work on the meeting. Instead there is 2 minutes of waiting, and what seems like pot luck with the account.