We are seeing more of these types of malicious messages, shown below, getting past spam filtering. Special code is also being used in the messages to bypass filtering. Please pass this on to all of your users. Microsoft will not send you any email like this, asking you to keep your password or verify your account. The “Bad Actor” just wants you to click on the link so they can obtain your account information. Just delete the message and do not click on any links. Have your users contact us directly if they are having a problem accessing their account for any reason.
We are also in the process of tightening down login methods, as we have had one instance of a multi-factor account still getting accessed by a bad actor. Though this is very rare, it is still possible. We recommend that all users check their account Sign-Ins and notify us if any suspicious locations show a successful sign-in. The location may not be exact, but you will get a good idea of whether it was you or not. You will probably see failed attempts from foreign locations. You can use this link to view your account Sign-Ins: https://mysignins.microsoft.com/
Users should also be careful with the Microsoft Authenticator app: only allow a login when they know that they are the one logging in and being verified. All other requests should be denied. If an unexpected request does occur, the user's password should be changed.
Delete any messages that look like this one