Phishing attacks which use Microsoft’s Azure Blob Storage for hosting their landing pages to take advantage of windows.net subdomains’ valid Microsoft SSL certificates can easily be blocked using custom Office 365 rules. Each of the landing pages employed in the phishing campaign will automatically get their own secure page padlock in the address bar because of the *.blob.core.net wildcard SSL certificate. This way even suspicious targets might get tricked in the end after clicking on the certificate and seeing that it is indeed issued by Microsoft IT.
Source: https://www.bleepingcomputer.com/news/security/office-365-custom-rules-to-block-azure-blob-storage-phishing-attacks/