The attacks from Microsofts servers have not have not completely stopped but they’ve slowed considerably.

     Looking specifically at what is in the logs tripping fail2ban, I find that they are trying to send mail from non-existent domains.  This is something our servers will not accept anyway, so for now I’ve whitelisted the IP space involved which should let legitimate mail through.