We do not know if this is made with malice by Microsoft, if it is some sort of mistake, or if some of their cloud customer is running the attack.
Typically we've found that this is due to some underlying app or service that they all use, an example would be a webhost that has all of their customers on an older vulnerable version of cPanel, or for something with more recency look at all the organizations that suffered a ransomware attack this week because they used the same vulnerable file transfer software.
> The ongoing Intel CPU bug debacle with Meltdown, Spectre, Foreshadow, MDS, the jCC/cache-line bug, Fallout, LVI, Portsmash, etc, etc, and the ME backdoor is making the main GMP server far from as secure as we'd like it to be.
MS also has abuse contact exactly for this purpose[2]. I have no experience what their response is there, but probably worth a shot anyways.
[1] https://www.microsoft.com/en-us/download/details.aspx?id=565...