When logged in to https://portal.office.com/, users have the option to sign out, naturally. When you do, you're presented with an elegantly crafted exit screen saying that you are. But are you? If you go back to https://portal.office.com/, you're just logged in again.
After contacting Microsoft's firstname.lastname@example.org bugreporting, the response was:
Thank you for contacting the Microsoft Security Response Center (MSRC). After investigation we have determined this does not meet the bar. Success of this attack is predicated on a compromised session by having the auth cookie and the session ID cannot be brute forced.
As such, this email thread has been closed and will no longer be monitored.
Maybe that's why they tell you to close your browser...