"U.S. government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems. Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,"

So Microsoft didn't have any idea they were attacked, even though their blog articles imply that they did (see sibling comment).

If they didn't even know, how could they attribute to China?