Don't worry — no account or password was stored.
The "Microsoft 365 unusual sign-in" alert you just received was part of an authorized phishing simulation run by [your organization / IT security team]. The email was simulated and the sign-in page was fake. The goal is to help everyone practice spotting suspicious emails before a real attack happens.
Account-security alerts are one of an attacker's favorite lures: they trigger both fear (your account is hacked) and urgency (you might get locked out), so you enter your password before stopping to verify. There was no harm this time — it's a great chance to practice.
1. Pause. Don't rush to click links or enter your password.
2. To check account security, open the official site in your browser yourself — don't use the email link.
3. Turn on and trust MFA (multi-factor authentication) — even if your password leaks, it's another line of defense.
4. When in doubt, verify or report to [IT service desk / security contact]. Reporting is never penalized.
Thank you for taking part. Your alertness is the organization's best line of defense.