ZIP isn’t a good way to encrypt, but what Microsoft is doing is simply reading the email, and decrypting zips with the password found in the email body.
All encryptions schemes can be trivially broken if you have the key. It’s not even breaking, it’s just normal decryption.
While that’s true, but there’s no indication of Microsoft brute forcing with million of combinations.
The article you link says Microsoft is only trying a few obvious passwords: the filename, and words found in the plaintext message.
Proper encryption isn’t just about using a strong algorithm. It’s also about proper key management, ie not sending the password in the clear via the same channel as the encrypted files.