This is a weird one, but my boss brought it to my attention and was hoping to gather thoughts/advice/etc.
So the Active Directory logins we use for the computers are separate/different from our office 365 sign-ins. My boss went to sign-in to Office 365 in his browser today, and it defaulted to showing his Active Directory / Computer login as the username. Underneath the "forgot password" link, was a link to "Email firstname.lastname@example.org". The first two letters were the same as his first name, but he doesn't have any similar gmail account. What's stranger, is that there's no domain in his A.D. login, just letters, so this username didn't seem possible.
He called me to check into this out of concern. The Windows/Active Directory automatically filling-in for the Office 365 login didn't seem too crazy on it's own, but having the unknown email address linked to it worried him.
I went to login.microsoftonline.com and tried entering MY Active Directory name as the sign-in, instead of my normal Office 365 email. I tried my password, which of course didn't work, but then when I clicked "Forgot Password" it gave me the option to "Email a.@verizon.net". My first name starts with A, so now I'm curious as well.
I tried making a new Microsoft account with just my Active Directory username to see if it said it's taken, but it told me you can't make an account without having "@something.etc", so how the heck does this account exist? My guess is related to other accounts having the same name as ours, maybe old ones migrated before office365, idk, but we figured it was worth asking if anyone is familiar with this situation. Our actual Office 365 accounts are all MFA protected, but it's concerning nonetheless.