Also, Microsoft regularly sends me legitimate emails regarding "Microsoft Rewards" that are absolutely indistinguishable from phishing, like "Total Prize Drop is here! Your chance to win 1,000,000 USD cash grand prize or one of three customizable Mercedes-Benz cars!", complete with links to login pages and everything. So like this one, just as mail: https://xcancel.com/bing/status/2034720189003231410

The first time I got those I couldn't believe these were legitimate. Thank you Microsoft for teaching your customers how to fall for scams!

That's just for support. Legit password resets for example come from more random top level domains with "microsoft" in it, like microsoftonline.com

Another fun one is facebook, they use facebookmail.com or whatever else for serious security stuff