Just to be super clear, these are legit emails. Microsoft didn’t follow their M365 customer data breach notification process.