But there's the problem: if you don't have an OSM account, the user needs to go sign up for one. If Microsoft creates the account for them, that's not just legalese, they might still be seen as the data controller. Or, at least it may be problematic enough to give the in-house lawyers a headache.
But that's not a problem at all! That's exactly the desired/required operation. OSM wants a very clear demarcation: this may be a Microsoft application, but you are an OSM community member (if you want to contribute).
That's perfectly encapsulated by a signup/login barrier. Any slick-ness on top of that fundamental requirement is sugar
