I received this phishing email today from a client - I've seen a couple of these recently. This is the kind of bold, capitalised text that Kerrin refers to as yelling. The Microsoft logo is correct, but the text font is not anything like what you would normally see in a real email from Microsoft. It seems they've sacrificed looking legitimate for threats and urgency this time. I wasn't brave enough to open the attachment so I can't tell you what that said, or what kind of nasty infections it might have contained. But if you look at the name of the attachment, it's called Microsoft356 (obviously it should have been Microsoft 365). And the sender name is also a dead giveaway. You might have noticed that I cut it off - just that line of nonsense characters alone was 157 seemingly random letters and numbers. I would also say that the grammar of the text in red is pretty questionable.
I assume that the attached 'form' would uplift your Microsoft 365 login details which would then provide the scammers access to your account. Or, if you have a MS365 User account through your work or for your business, they could get access to SharePoint. From here they could delete all the data and attempt to ransom it back, or they might find their way into your accounting software and change the bank account number on the invoice template. Either way it could be very bad. Please delete this email if you receive it.