The company previously offered alerts to users about computer break-ins without providing information about suspected perpetrators.
Microsoft on Wednesday said it would notify users when it has reason to believe an attack on a customer account is “state-sponsored”.
Microsoft’s new policy mirrors those recently adopted by Facebook and Twitter. Google has issued warnings about state-sponsored attacks since 2012.
These providers do not specify what countries they believe may be responsible.
The move follows a series of highly publicised computer intrusions over the past few years, as well as revelations about US government intelligence-gathering techniques disclosed by former National Security Agency contractor Edward Snowden.
In some cases, US officials and security researchers say they have uncovered evidence that links a particular attack to a certain country.
Microsoft’s policy was reported on Wednesday by Reuters, which said it followed questions the news service had asked the company about an attack on Microsoft services that had targeted leaders of China’s Tibetan and Uighur minorities.
That incident came to light in 2011.
The software company did not disclose what may have prompted the policy change, but said it had decided customers should know about the possibility of state-sponsored action due to greater privacy risks in that circumstance.
“We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be ‘state-sponsored’ because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others,” Scott Charney, Microsoft’s corporate vice president for trustworthy computing, wrote in a blog post.
Microsoft said the change covers unauthorised access to Microsoft accounts, which include its Outlook.com e-mail service and OneDrive file storage.
Notifications about state-sponsored attacks did not mean Microsoft’s systems had been compromised, Mr Charney wrote.
“The evidence we collect in any active investigation may be sensitive, so we do not plan on providing detailed or specific information about the attackers or their methods,” he wrote.
“But when the evidence reasonably suggests the attacker is ‘state sponsored,’ we will say so.”
Mr Charney’s blog post lists a series of steps Microsoft users should take to keep their data secure, including using strong passwords and verification that involves an additional security code beyond a password.
“If you receive one of these notifications it doesn’t necessarily mean that your account has been compromised, but it does mean we have evidence your account has been targeted,” Mr Charney wrote.