I have no experience with any of this but thinking thru the other side, if I'm an IT helpdesk person getting an account reset/unlock request, I have no means to validate any identity paperwork anyone sends in. My response would be a curt email accd to policy and move on to the next IT ticket.

I think the legal path is your best bet unless you know someone higher up. A legal path could bypass all the offshore IT helpdesk staff (making assumptions, MSFT is a giant mega-corp).