To me it sounds like specifying something like pip install azure-loganalytics by microsoft (or equivalent syntax) and automatically confirm the account would be more useful.
Even that would only move the trust problem from the package to the account. How does one know the microsoft account is actually Microsoft?
Something like the DNS verified domain name linking takluyver suggested above would be a great solution. And the DNS verification doesn’t have to affect the package name; it could be linked to the account name.
And this would not be breaking anything because you could still verify it manually and omit the by microsoft if your tool does not support it yet.