Hacker News

Yes, it's confusing that the UI doesn't highlight that "Jeff's MSA" and "Jeff's MSA at This School" are different accounts when it makes statements about the school owning the account. By adding him, the school set up a "Jeff at This School" account (a unique ID inside their Azure Active Directory) which Jeff can access using his MSA account. They didn't take any ownership over his MSA, but they do control the data for his school account (i.e. anything he creates in their Azure Portal, SharePoint, etc.)

And then Jeff is confused about the state of his account. Keep in mind that he's using a developer tool (the Azure portal) and account federation is not a beginner-level feature of Azure AD. There are sharp edges. He just jumped to a lot of conclusions, and wow, the FUD level on this comments thread is off the charts.

I know this because I set up an OAuth2-based web portal for my friends to access my Minecraft server using Azure AD B2C, and by god, the hardest part was figuring out how to explain the login experience to users, and disable the secondary 2FA requirements for MSA/Gmail users (because I know my friends are smart enough to use 2FA).


