It seems like Microsoft has some sort of fake phishing system with all of these ridiculous properties, which many organizations then use.
The first time I received one, I initially thought our email server had been compromised, because rather than realizing it was a fake test, my mind went from "Why was this obvious phishing email not caught by the spam filter?" to "How does this email not have Received headers!?" to "How does an obviously fake login page have a valid Microsoft SSL certificate on a validly Microsoft-registered domain name and a Microsoft-ASN IP address!?" to "How much of the university's infrastructure would have to be compromised for an attacker to do that!?".
The first time I received one, I initially thought our email server had been compromised, because rather than realizing it was a fake test, my mind went from "Why was this obvious phishing email not caught by the spam filter?" to "How does this email not have Received headers!?" to "How does an obviously fake login page have a valid Microsoft SSL certificate on a validly Microsoft-registered domain name and a Microsoft-ASN IP address!?" to "How much of the university's infrastructure would have to be compromised for an attacker to do that!?".