I got this too. 2 seprate emails. I have no azure subscriptions associated with my email address, so... Must be fake news.
Possible phishing from Microsoft Azure and Microsoft Cloud.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 27%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBC%3C/text%3E%3C/svg%3E)
BILL CLEMENS
100
Reputation points
Been getting emails from Microsoft Azure and Cloud. I'm not subscribed to Azure and have used very little Cloud. Azure reads, Azure: Activated Severity: 2 invoice-234147320. Your Azure Monitor alert was triggered. Cloud email reads: Re: Wed have tried to contact you several times before, but we have not received any response. If you have not resolved your issue today, all-out data will be completely deleted 2026.02.14, including your photos and videos__ID#I1C0-B6O3-3YF7___
I continue to delete these but continue to receive them. Any way to stop them?
Outlook | Outlook for mobile | Outlook for Android | For home
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 51%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDE%3C/text%3E%3C/svg%3E)
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 48%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
jonny 15 Reputation points2026-02-27T13:44:15.3666667+00:00 I am getting the same thing and have not found away to delete them also
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 21%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJB%3C/text%3E%3C/svg%3E)
Jean Boyer 15 Reputation points2026-02-27T14:06:50.1866667+00:00 I received two separate e-mails this morning, the same as the rest of the commenters. MICROSOFT CORPORATION BILLING DEPARTMENT ACCOUNT SECURITY ALERT (REF: MS-FRA-6673829-KP) We have detected an unauthorized transaction . Transaction Details: Merchant: Windows Defender . Transaction ID: PP456-887A-22B . Amount: 499.99USD . Date: 02-27-2026 at 06:01 AM EST . Our Fraud Prevention System has automatically placed a hold on these funds. To prevent account suspension and reverse any potential fees, you must verify this transaction immediately. If you did NOT authorize this purchase, please contact our 24/7 Microsoft Fraud Resolution Hotline at : +1 (813)453-4558 . We apologize for any inconvenience. Sincerely,The Microsoft Account Security Team.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 38%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJW%3C/text%3E%3C/svg%3E)
john W 35 Reputation points2026-02-27T16:51:30.5533333+00:00 Same. It looks pretty legit, but it's not.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 40%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
CheshirePete 65 Reputation points2026-02-27T17:02:04.62+00:00 I just got one of these also and I do use Azure. What is really clever is that the sending domain looks legitimate. So very unusual.
The sender is:
azure-noreply@microsoft.com
I don’t see any clever use of characters!
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 4%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Amir Moutameni 5 Reputation points2026-02-27T18:07:14.5466667+00:00 This happened to me today, as well
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 3%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDT%3C/text%3E%3C/svg%3E)
Debbie Thompson 10 Reputation points2026-02-27T18:22:35.7566667+00:00 I received this today, also. I had never heard of Azure. I'm setting up a new laptop. Not feeling very secure about this right now! I'm blocking this now and if I should be doing something else, I hope someone can let me know.
Azure: Activated Severity: 2 invoice-00302630
Microsoft Azureazure-noreply@microsoft.com
-
CheshirePete 65 Reputation points
2026-02-27T18:29:54.0666667+00:00 Don’t let it put you off Debbie! This nearly caught me out. In my opinion it’s someone with a genuine Azure Account and they set up notifications to send to our email addresses about false security breaches.
It is very clever.
Hopefully Microsoft will find a solution to prevent people doing this, and making it look like it’s coming from the genuine Microsoft domain.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 59%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECN%3C/text%3E%3C/svg%3E)
Chkn-N-Rice 25 Reputation points2026-02-27T18:41:16.5233333+00:00 Got this lovely chain of events. I don't even have an active azure subscription associated with my email address.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 42%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVO%3C/text%3E%3C/svg%3E)
Victor Ortiz 0 Reputation points2026-02-27T19:09:06.9166667+00:00 i just got the same emails, almost felt for it, i went directly to the Azure web page, which then i had some errors which made me more paranoid, went to microsoft help chat, which they send me to the call center, which the call center sends me to the help chat, it was very frustrating until i found this post!!
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 54%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
Gail 30 Reputation points2026-02-27T19:22:25.4833333+00:00 I got email today and it appears legit per outlook a legit email from Microsoft is azure-noreply@microsoft.com says monitor alert resolved. They detected unauthorized transaction.. they put a hold on it and to prevent account suspension and reverse potential fees, you must verify the transaction immediately immediately. If you did not authorize the purchase contact the Microsoft fraud resolution hotline, agree very suspicious but the email address is legit which is extremely upsetting..
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 28.999999999999996%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJG%3C/text%3E%3C/svg%3E)
Jeff G. 25 Reputation points2026-02-27T19:32:56.1366667+00:00 The scammers are getting good. They are using real Microsoft resources like azure and power bi to make it look genuine (because it IS a genuine ms email). But they are getting you to call a scam phone number because they can put free text into the subscription email so the sender is genuine. Obviously do not call that number. Alert others around you that may not be tech savvy. You may see it come from power bi as well.
Also Microsoft, you could sniff this out. Be better.
-
Gail 30 Reputation points
2026-02-27T19:49:18.1166667+00:00 Thanks I just contacted Microsoft support on my iPad to let them know about this. This was a scary one..
-
Deb E 30 Reputation points
2026-02-27T20:00:29.69+00:00 I didn't call the number, but I searched it on reverse lookup on the white pages. Does not show any reports of a scam but also did not confirm it was microsoft.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 49%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
Lia 0 Reputation points2026-02-27T20:59:03.4533333+00:00 I had this just happen and panicked really hard. I don't have Azure subscriptions and sure as heck don't have money for one right now.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2026-02-28T12:25:14.5633333+00:00 This is dangerous because the email address -- azure-noreply@microsoft.com -- is reported by Azure as legit. Most phishing emails are, clearly, fake.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 4%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENJ%3C/text%3E%3C/svg%3E)
Nathaniel Jenkins 0 Reputation points2026-03-01T16:09:33.0766667+00:00 I received 2 of these one at 8:38 am and the other at 8:28 am both on 2/28/2026. I've never used Asure. I've also checked Microsoft Azure support site for the numbers listed in the email but could not find any phone numbers on the Azure site at all.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 99%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
HB 10 Reputation points2026-03-03T19:52:15.42+00:00 Be quicker than the scammer. Do not call the number, and if you do, then, someone pretending to be a Microsoft Tech will call you. HANG UP, and DISCONNECT INTERNET CONNECTION IMMEDIATELY! Run an AntiVirus Scan (Full Disk Mode), and download Malwarebytes (and do a Full Scan). Change your:
- Internet Connection Password
- Email Password
- Bank Password
- Business / Personal Accounts Password Go to Experian, and do a Security Freeze on the 3 Credit Bureaus for a period of time. Get an account with a Personal Background Removal site to have your Personal Info removed from Data Broker sites. Layer your accounts with 2-Step Verification, and enhance the security with a Question for the accounts to verify you with the answer you will provide that only YOU WOULD KNOW THAT IS NOT PUBLICLY KNOWN. Opt out of 3rd Party Marketing from companies. Never share your Private Info with anyone who is not close to you or you cannot completely trust (if necessary, have a Legal Power Of Attorney). Change passwords as often as necessary. Only provide your phone number to trustworthy companies/people, and don't say your phone number (same with email) to a cashier for points for others to hear (request that you enter your phone number on the keypad). Turn off phone Hot Spot. Lastly, if necessary, if you have been compromised, then, contact the authorities (Police, State and Local Commissioner Judges, Better Business Bureau, FBI, etc.).
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 65%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
Maria Ramirez 5 Reputation points2026-03-05T15:20:59.6566667+00:00 I have noticed those emails in the last few days myself. Today, I received 2 more. So, I called the number and the ring tone is definitely a red flag. Someone answered and began to ask me if I have logged in using public wifi. I said no I don't take my laptop anywhere only my cell phone. The guy then wanted me to do a search for my IP address and gave me instructions on how to obtain that information (windows + R and type andes.com) something like that. I obviously didn't. I kept asking about the purchases that the email said were being made. He said I was a victim of identity theft, and he could fix it and blah, blah, blah. So, I asked "is someone buying things with my information and where is the money pulling from to purchase such things"? He wouldn't let me finish speaking so I said I was going to call Microsoft, and he said I was talking to Microsoft, lol. I just hung up. I unsubscribed and blocked the emails. I'm not worried as I know I am broke and nothing would have gone through for the amounts the emails said were successful. All I can do is change my passwords and move on.
-
-
HB 10 Reputation points
2026-03-05T16:15:45.65+00:00 I find it disheartening that Microsoft will not publicly address this issue (Public Relations), and give solutions. I feel like the FBI needs to investigate Microsoft, since, MS is not saying anything about this.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 99%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
C-MT 0 Reputation points2026-03-05T17:00:22.1+00:00 I've received two of these emails back to back last week and two more today. First on an email address I don't use for anything except hosting an alias, and the today for the alias. I knew it was a scam but the emails are so good and come from an authentic address. I have never had azule anything, checked my Microsoft subscriptions, and have never had saved payment info in Microsoft. These scammers are wild.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 54%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 55.00000000000001%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIA%3C/text%3E%3C/svg%3E)
I A 36 Reputation points2026-03-06T18:54:18.03+00:00 Thank you for starting the thread, Bill! This happened to me today and it bothered me enough to start digging. Being a tech guy, I immediately scoured my Microsoft account and concluded it was a scam. Came here to start a discussion because the email is "real" and comes from a legit source. I can bet this phishing scam is working on some people! I'm going to put the title of the emails I got here for search purposes... "Your Azure Monitor alert was resolved" or "Your Azure Monitor alert was triggered" and it comes from a legit "Microsoft Azureazure-noreply@microsoft.com" email.
Sign in to comment
9 answers
Sort by: Most helpful
-
Chkn-N-Rice 25 Reputation points
2026-02-27T18:37:27.0033333+00:00 -
Deleted
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 81%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Sebastian Martin Vicente 0 Reputation points2026-02-28T13:21:54.9066667+00:00 I have the 2 mails that are commented by other users.
When you put the mouse in one of the links (don't click), the link isn't an official microsoft direction.
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 81%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMC%3C/text%3E%3C/svg%3E)
Massimiliano C 10 Reputation points2026-03-05T17:28:36.61+00:00 Same situation happened to me today. I received an email from a legitimate Microsoft domain claiming a payment of $892 for a Defender subscription.
They exploit the Azure alert system. They create a storage account, then create an alert action group where they insert our email addresses, write the alert message, and trigger the alert.
The email is therefore sent from a legitimate Microsoft domain.
At the bottom of the email you can unsubscribe from the mailing group they added you to.
This makes the situation quite complicated. Microsoft should probably introduce some kind of filtering on the content of alert messages to prevent this type of abuse.
-
HB 10 Reputation points
2026-03-03T20:02:33.4133333+00:00 Be quicker than the scammer. Do not call the number, and if you do, then, someone pretending to be a Microsoft Tech will call you. HANG UP, and DISCONNECT INTERNET CONNECTION IMMEDIATELY! Run an AntiVirus Scan (Full Disk Mode), and download Malwarebytes (and do a Full Scan). Change your:
- Internet Connection Password
- Email Password
- Bank Password
- Business / Personal Accounts Password
Go to Experian, and do a Security Freeze on the 3 Credit Bureaus for a period of time. Get an account with a Personal Background Removal site to have your Personal Info removed from Data Broker sites. Layer your accounts with 2-Step Verification, and enhance the security with a Question for the accounts to verify you with the answer you will provide that only YOU WOULD KNOW THAT IS NOT PUBLICLY KNOWN. Opt out of 3rd Party Marketing from companies. Never share your Private Info with anyone who is not close to you or you cannot completely trust (if necessary, have a Legal Power Of Attorney). Change passwords as often as necessary. Only provide your phone number to trustworthy companies/people, and don't say your phone number (same with email) to a cashier for points for others to hear (request that you enter your phone number on the keypad). Turn off phone Hot Spot. Lastly, if necessary, if you have been compromised, then, contact the authorities (Police, State and Local Commissioner Judges, Better Business Bureau, FBI, etc.).
-
Gail 30 Reputation points
2026-02-28T01:54:45.4933333+00:00 So I tried to post this earlier but I guess it didn’t go through. I searched the number in the email I was advised to call 812.484.9724. It is a T mobile cell phone in Indiana. Can’t remember exactly where now. So this is definitely a scam but very scary that the Microsoft address is legit. I did report to Microsoft.
-
HB 10 Reputation points
2026-03-03T20:12:44.02+00:00 I agree that it is concerning for the Microsoft address to be legitimate. I am concerned that Microsoft has a faction of employees who sleeper cells (due to US activity) that are actually hackers employed by a foreign state.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 23%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVG%3C/text%3E%3C/svg%3E)
Vicki Grinnell 0 Reputation points2026-03-05T14:15:49.13+00:00 How did you report to Microsoft? I can't find a phone number or fraud reporting method. Thank you
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 50%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
J S 5 Reputation points2026-03-05T15:42:38.0066667+00:00 Maybe Microsoft should use their super duper AI technology to detect and stop garbage like this from being sent using their domains. Go figure, they can't do it or are unwilling to bother trying.