Microsoft must put its Passport internet service through regular security checks for the next two decades.
The US government decided the company had deceived consumers about how well it protected their personal information.
The Federal Trade Commission (FTC) deal is the first to put measurable security requirements on a company.
Howard Beales, the FTC's consumer protection chief, said: "We think it's an important part of privacy. Where companies are promising security - and many companies are - we are going to try to make sure those promises are kept."
Passport is Microsoft's way to make it easier to sign on to hundreds of e-commerce sites so consumers do not have to type their passwords and personal information into each one.
While the FTC said it found no security holes in Passport, it said Microsoft's plan to deal with security problems was inadequate.
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereComments are closed on this article