Check the address bar when you sign in!
If the URL that appears in the address bar when you sign in doesn’t include login.live.com, you could be on a phishing site. Don’t enter your password. Quit and restart your browser, then navigate to Outlook.com again. If the problem continues, check your computer for viruses.
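The address-bar check above, written out as an added JavaScript example (not from the original page). It goes one step beyond "includes" by comparing the parsed hostname exactly, because an address can contain the text login.live.com without being that host. The function name and the sample URLs are constructed for illustration and use reserved example domains.

```javascript
// Added example: judge a sign-in URL by its parsed hostname, not by substring.
const EXPECTED_HOST = "login.live.com"; // the host named on this page

// Hypothetical helper: returns { ok, reason } for one address-bar URL.
function checkSignInUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "not a parseable URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Anything before an "@" is user info, not the site you are talking to.
  if (url.username || url.password) {
    return { ok: false, reason: "user info before the host" };
  }
  // The parser lower-cases the hostname; drop a trailing root dot if present.
  const host = url.hostname.replace(/\.$/, "");
  if (host !== EXPECTED_HOST) {
    return { ok: false, reason: `host is ${host}` };
  }
  return { ok: true, reason: "host matches" };
}

// Constructed samples: only the first one is the expected sign-in host.
const SAMPLES = [
  "https://login.live.com/login.srf",
  "https://LOGIN.LIVE.COM/login.srf",
  "https://login.live.com.example.net/login.srf", // expected name used as a subdomain label
  "https://example.net/login.live.com/",          // expected name only in the path
  "https://login.live.com@example.net/",          // expected name only as user info
  "http://login.live.com/",                       // right host, no TLS
];

function classifyAll(urls) {
  return urls.map((u) => ({ url: u, ...checkSignInUrl(u) }));
}

for (const r of classifyAll(SAMPLES)) {
  console.log(`${r.ok ? "OK     " : "SUSPECT"} ${r.url} (${r.reason})`);
}
```

A plain substring test would accept every sample except none of them, which is why the comparison is made on the parsed hostname.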
Use a strong password
As with everything, make sure you use a strong, unique password for your email account.
Use 2-Step Verification
- Go to the Security basics page and sign in with your Microsoft account.
- Select More security options.
- Under Two-step verification, choose Set up two-step verification to turn it on.
- Follow the instructions.
Note: As part of setting up this account, you’ll be given a QR code to scan with your device; this is one way we ensure you are in physical possession of the device you are installing the Authenticator app on.
Remove Recovery phone/email
Don’t use a recovery phone or email. If an attacker steals your mobile number through a SIM swap or gets access to your recovery email, they can use it to get access to your Microsoft account through this recovery function.
Sign in Settings
Avoid saving passwords to your Microsoft account and using it as a password manager. Avoid signing in with Microsoft. Rely on a separate password manager instead.
Microsoft also publishes a great article on protecting your Microsoft account.