The most uncomfortable part is their log in. The amount of re-directs and glitches there are insane. Its hard to believe that it works as intended.
As an example, for some reason I could not download the BAA because trying to download it lead to a login loop on their trust website, while I was still able to see the Azure console ok in the same browser.
When I signed out of my Azure account to try if a fresh login helped, it did not trigger my 2FA at the next login. In my mind, if I actively logged out from a browser window, I withdraw my trust in that device. So not being triggered for 2FA is a massive red flag.
(no I still could not download the BAA, nor file a ticket for it, but somehow a colleague could download it ok.)
From what I can tell, they use it as proving ground for whatever crap they’re going to force on other applications.
After getting it to work on a raspberry pi, I decided I wouldn’t use any logged in Microsoft product in a professional setting.
Anyway, I’m sure they’ll eventually unify GitHub and LinkedIn login the same way they did with Minecraft. At that point, our industry will implode.