Incoming emails from Microsoft Defender (Business/Endpoint) don't work with email routing

In general, I have had excellent results with Cloudflare email routing to gmail addresses. However, peculiarly, no notifications issued by Microsoft 365 Defender ([email protected]) are received when sent to an email alias set up through Cloudflare’s Email Routing.

  • The same notification emails are received without fail when sent directly to the gmail address (i.e., the same one to which the Cloudflare-born alias would have routed).
  • When I personally send test messages to the email alias, they make it through perfectly.
  • There is no mention of any incoming emails from Microsoft being dropped on the Cloudflare activity log (on the email routing dashboard). It would therefore seem that such Microsoft notification emails may not even be making it to the point where Cloudflare decides to drop or forward.
  • I do not wish to integrate the Cloudflare-hosted domain name with Microsoft Defender. That really shouldn’t be a factor.

To recap:
Microsoft Defender → email alias at Cloudflare → Gmail == FAIL
Microsoft Defender → Gmail == SUCCESS

This is a complete mystery to me. I would appreciate hearing whether anybody else has encountered a similar issue and whether there are any possible solutions that would allow me to still use the Cloudflare-born alias.