On-prem Exchange and brute force attack coming from Microsoft ARIN blocks

I've looking at my security log on an EX2019 server and observing thousands of brute force failures. This is par for the course, however, these failures are coming FROM Microsoft ARIN blocks.

40.96.41.13
40.97.131.173
40.97.165.125
40.97.176.101
40.97.28.245
52.96.174.125
52.96.175.141
52.96.203.13
52.96.204.189
52.96.204.221
52.96.224.165
52.96.237.197
52.96.253.109
52.96.255.141
52.96.31.125
52.96.64.13
52.96.77.149
52.96.94.93

All of the IPs above are brute forcing one or more user accounts in our domain. I have reported this to cert@microsoft.com and they immediately close the request with the …

arin attack cybersecurity exchange microsoft