Every once in a while MSFT sends me an email that says someone is attempting to access my account. I'd be stupid to not use the multifactor with them because MSFT thinks I should be saving things to the cloud.
If you're invited to reply to that email, it's a scammer trying to get into your account.