Hi @Cameron Barnum , are you able to share the details of the email? You should be able to review the Azure activity logs. These logs can provide information about who has accessed your resources and what actions they have taken. You can also review your Azure Security Center alerts to see if there are any alerts related to the suspicious activity. This guide details how you can do this.
Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James