One of my former managers had this habit of setting up email rules for known phishing simulation domains whenever he started somewhere new.

Microsoft domains listed in a table here for anyone else unfortunate enough to have to use their products within your org.