"Microsoft did not say how the attackers were able to steal the support agent's account credentials"
I'd imagine the same way that any other credentials might get stolen. Malware on their system, password reuse, flaw in the authentication system, etc. Or maybe the Support Rep was in on it. Maybe the hackers never had the Rep's credentials and just planted malware on their machine and hijacked the session.