Microsoft - fixed without reporting; original findings shown

https://account.microsoft.com/
Recommended Configuration Authenticator; SMS; Email
Alternate Configuration 1
Alternate Configuration 2
Alternate Configuration 3
Account/Password Recovery PR SMS; PR email
Remarks automatic SMS backup signup using phone number on file; automatic email backup signup using email on file
Responses

Notified on January 11, 2020.

Closed on January 28, 2020; did not understand vulnerability with authentication policy.

Silently fixed vulnerability without notifying us as of March 8, 2020; this page represents our original findings.
img
2fa_backup_step0.PNG
img
2fa_backup_step1.PNG
img
2fa_backup_step2.PNG
img
2fa_backup_step3.PNG
img
2fa_options.png
img
2fa_setup_step0.PNG
img
2fa_setup_step1.PNG
img
2fa_setup_step1_annotated.png
img
2fa_setup_step2.PNG
img
pr_juxtaposed.png
img
pr_step0.PNG
img
pr_step1.PNG
img
pr_step2.PNG
img
security_settings.PNG