Microsoft announced today that they have added new security and account control features to Microsoft accounts.
Account users will be able to view a log of recent use of the account, including the date/time, IP address and location from where the account was accessed. See below for an example.
As Microsoft says, they can't effectively protect your account unless you help, and checking information like this can help a lot.
They have also added a new recovery code feature, similar to Twitter's, for the very odd circumstance in which you lose use of both your authentication factors (typically your email address and mobile phone number). The code appears to be a globally unique identifier (GUID), a 32 16-byte value. [Correction: Thanks to @VMaxF1 for pointing out both that GUIDs are 16, not 32 bytes, and that recovery codes are actually 25 alphanumeric charcters, the same format as product keys.] The idea is that you save this value somewhere safe (not your phone) for such emergencies and (here's the tricky part) remember that you have it and where you put it when you need it.
Lastly, Microsoft has added greater control over security notifications, such as password resets. You must still receive them at your primary email address, but you can select which phone numbers receive SMS alerts.