That is your opinion, not a factual statement.
It's not "opinion", it's basic logic.
Part of that is right. The first point isn't very important and would not have stopped the breach nor very much of the access.
Please explain how the TEST account NOT having access to PRODUCTION data (like in any sane environment) would have NOT prevented the breach.
The last point is very much more an annoyance than it is an actual security measure. It's also easily hacked/defeated.
Now THAT is an opinion (that has nothing to do with reality). It's just plain wrong. How is a TOTP, ON TOP OF a password NOT more secure than just the password?
The fact that 2FA prompts seem to annoy you doesn't mean they're not preventing attacks.
I hate to seem like I'm defending Microsoft, but you have no idea how those hackers got in. Those hackers are some of the best in the world and "standard" or even "enhanced" security practices likely wouldn't have held them back.
Dude. Password spraying is not a sophisticated attack as you'd like to paint, it's literally the dumbest of the dumbest methods that's out there.
It's not that the hackers were so smart, it's that MS was so extremely, unbelievably ignorant.
And I've already explained that if MS did ANY of those 4 points, these dumb hackers wouldn't have gotten in. MS failed to adhere to the ABSOLUTE BASIC measures that anyone should adhere to. Yet here you are, trying to be the smart contrarian, while you clearly don't have the slightest idea what you're talking about.
Disclaimer: professional information security officer at a self-driving car company.