Share via

Receiving occasional notices from Microsoft Azure

Linda Courtney 0 Reputation points
2026-03-11T19:50:09.5033333+00:00

The past month or so I have been receiving occasional notices from Microsoft Azure which I have never heard of.

I have received email with the heading “Azure: Activated Severity: 2 Payment Received Invoice INV-f ...” with the merchant listed as Windows Defender regarding a payment that I’ve never approved or knew of. All the email says is you're Azure Monitor alert was triggered.

Within minutes, I receive another email from Microsoft Azure stating “Azure: Deactivated Severity - Your Azure Monitor alert was resolved.”

I have only recently started receiving these notices. To my knowledge, I have not activated any app or software regarding Azure and, since I've never heard of Azure before, I've become suspicious and wondering if this is real or scam. If not a scam, then what the hell is Azure and why did these email just recently start arriving?

Azure Monitor
Azure Monitor

An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.

0 comments
Answer accepted by question author
  1. Suchitra Suregaunkar 9,270 Reputation points Microsoft External Staff Moderator
    2026-03-11T20:42:03.48+00:00

    Hello Linda Courtney

    Thank you for posting your query on Microsoft Q&A platform.

    What you’re describing closely aligns with a known scam pattern involving Azure alert emails.

    In these cases, attackers first gain access to an Azure subscription and then deliberately configure alert rules to send notifications to external email addresses (such as yours). They subsequently trigger those alerts. While the emails are technically generated by Azure, the alert message content itself is authored by the attackers.

    These emails typically include alarming language such as:

    • references to a “Fraud Prevention System” or “Windows Defender,”
    • warnings about large, suspicious charges,
    • threats of account suspension, and
    • a so‑called “Fraud Resolution” or “Support Hotline” phone number.

    The objective is to pressure recipients into calling that number, where the scam continues.

    Important guidance:

    • Do not call any phone number mentioned in the email.
    • Do not click any links included in the message.
    • Simply delete the email.

    It’s worth noting that these messages can appear convincing because they are sent from legitimate Microsoft email infrastructure. However, Microsoft does not include phone numbers or urgent call‑to‑action language like this in genuine Azure alert notifications.

    Reference: https://malwaretips.com/blogs/microsoft-azure-alert-was-triggered-scam-exposed-investigation/

    If the provided information helped, kindly consider marking the answer as "Accepted" and "Upvote" it. This helps other community members who may encounter a similar issue in the future.

    If you have any queries, please feel free to reach out us.

    Thanks,
    Suchitra.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-03-11T19:50:26.22+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Azure is Microsoft’s cloud platform that provides online services such as virtual machines, databases, storage, security, and monitoring. “Azure Monitor” is one of those services; it can send alert emails when certain conditions are met (for example, when a charge is posted, or a security or usage threshold is crossed) and then send a follow‑up email when the condition is resolved.

    The behavior described—one email saying an Azure Monitor alert was activated and another shortly after saying it was deactivated—is consistent with an automated alert rule that fires when a specific event occurs (for example, a payment or billing event) and then clears when the condition is no longer true.

    To determine whether these emails are legitimate or a scam:

    1. Check the sender’s domain
      • Genuine Microsoft support or system emails use specific domains. For support, valid domains include:
        • microsoft.com
        • microsoftsupport.com
        • mail.support.microsoft.com
      • Security alerts to partners can also come from azure-noreply@microsoft.com.
      • If the email is from a different or look‑alike domain (for example, something like ******@outlook.com or other non‑Microsoft domains), it is likely phishing.
    2. Inspect the message in Outlook for suspicious indicators
      • If Outlook shows a ? in the sender image, the sender could not be verified. Treat such messages with caution, especially if they request action or contain links.
      • If Outlook shows a “via” tag indicating the message was sent via a different domain than what appears in the From address, be cautious if the sender is not recognized.
    3. Do not click links or open attachments in suspicious emails
      • If the email mentions payments you do not recognize, do not use any links or phone numbers in the message. Instead, sign in directly to the official Microsoft account or Azure portal (if you have one) through a trusted bookmark or by typing the address manually, and check billing or subscriptions there.
    4. If the emails are legitimate Azure alerts
      • Someone may have created an Azure subscription or alert rule associated with the email address (for example, through a trial, a bundled subscription, or a partner/organization account). In that case, Azure Monitor alerts can be reconfigured or disabled in the Azure portal by an administrator.
    5. If the emails appear to be phishing or a scam
      • Do not reply, do not call any phone numbers in the email, and do not allow remote access to the device.
      • Report the message as phishing in Outlook using the built‑in reporting options and follow the guidance in “Protect yourself from phishing.”

    If there is any doubt about charges or account activity, contact Microsoft through official support channels only, starting from the main Microsoft Support site or the account portal, not from links in the email.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.