I get lots of unsolicited "Microsoft Login" popups and even as a sophisticated user, there's no satisfactory way for me to establish whether this is a trustworthy request or a fake login page.
For example, my company's VPN uses Microsoft SSO and will occasionally pop up a Microsoft Login window without me having requested it.
I establish trust via the autofill of my password manager. If my password manager doesn't offer a list of my Microsoft accounts for autofill, it's probably not a Microsoft website.
Yes, this is not bulletproof, because some companies have login pages on multiple domains. But at least it fails safely and causes me to become cautious when that happens.
I get lots of unsolicited "Microsoft Login" popups and even as a sophisticated user, there's no satisfactory way for me to establish whether this is a trustworthy request or a fake login page.
For example, my company's VPN uses Microsoft SSO and will occasionally pop up a Microsoft Login window without me having requested it.