Microsoft's response is concerning. ... and has refused to pay out bug bounties for the issue.
Being pedantic, it does seem that bugs in MS's own website aren't covered by the bounty program...
Interestingly, I've noted with some clients their backup email servers - visible in their DNS records, also refer to servers - with similar generic names - on Google/AWS/Azure, which currently don't resolve to an actual host. So this isn't going to be a one off problem...