I've seen e-mails for opening an Ebay account.. social media somewhere far away from here.. bank accounts.. renting a car.. getting a loan.. getting a quote for car fixing.. mobile phone subscription.. debt collector.. geesh what else.
The Ebay one was the most annoying for me. It happened like 5 years ago, and I was just about to sign up an account to order some stuff. Then this happens. I could reset the password and see what the person ordered (some clothing) to an address somewhere in India (obviously). I had the account finally closed, and asked if I could register my own new account. They said that was not possible.. they close the account but won't remove it, so I couldn't register my own Ebay account. Luckily gmail has 2 domains (gmail and googlemail), so I switched them around.
The guy who registered a loan+bank account on my account was the second most annoying, because I kept receiving e-mails over and over again (and seeing a completely different name to me, along with date of birth 01-jan-XXXX showed to malicious intent). Their customer service was **** and didn't do anything about it. Fortunately the mobile phone number was in one of those e-mails... That finally stopped it.
It's trivial to get a random "valid" e-mail address just going of the number of leaks at haveibeenpwned.com. Those databases typically circulate around somewhere on the internet, so someone could just find those databases and grab a random e-mail. I'm very surprised how many companies/websites don't actually send a verification e-mail so these things are bounced off.
Obviously it could be something as simple as a typo. I had people sending e-mails addressed to "hansi" instead of me.. it happens. But those were personal e-mails, but from a company/website.
I'd be surprised if the e-mail you received is "fake" (e.g. not from Microsoft). If you have mailbox at e.g. gmail or other modern providers, they will typically use IP blacklists and verify SPF records. Those records belong to DNS data, and contain a list of IPs that may send e-mails on behalf of that domain. Many e-mail providers will even bounce e-mails from a server that doesn't support SPF. So although it's still possible to have spam slip through SPF.. it's getting incredibly more rare.
I would probably just contact MS about it to have them figure it out. They have pretty good customer support.. in contrast to that other bank.