Microsoft took the step of notifying thousands of individual recipients
How did they do that? By sending out letters using the postal system?
It looks to me that MS are trying to market their Advanced Threat Protection products.
As the starting point for attack seems to be fake file-sharing notifications from OneDrive I feel that MS should instead be taking more responsibility for making such file-sharing notifications less problematic in the first place. It's the old old problem of hiding vital information from the user (hiding execute extensions in Windows Explorer, hiding sender email addresses in emails, and hiding the true browsed domain in a URL) in an updated guise.