If you landed on account.msa.msidentity.com and saw a Microsoft login screen, you might have assumed it was legitimate. But our investigation reveals a site that should not be trusted. The most immediate problem is the SSL certificate: it is valid for dozens of Microsoft domains but not for this one. That means your browser would warn you the connection is not secure, and the site is actually unreachable because of the mismatch. That alone is disqualifying for any login page.
Beyond the certificate, the domain has no identifiable owner in the WHOIS database, no history in the Wayback Machine, and no favicon — small signals that together paint a picture of something that does not operate like a real Microsoft service. The redirect to login.microsoftonline.com may look normal, but the underlying infrastructure is broken. For anyone asking 'is account.msa.msidentity.com a scam?', the evidence points to a misconfigured or abandoned domain that should not be used. Never enter your Microsoft credentials on a site with an invalid certificate, regardless of how official the branding looks.