by pinpeliponni 3359 days ago
I noticed Microsoft has been very careful not to mention NSA.
3 comments

Looking at their acknowledgements list it seems advisories always have acknowledgements even when it's Microsoft themselves who find the flaw. However, the MS17-010 patches didn't have any. If that's because they'd have to acknowledge the NSA, then it seems like more stuff is on the way: MS17-019 is also missing from the list. That's also patched in March and is "a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system."
Why would they? The immediate concern is whether or not the exploits are still a risk, not determining the origin. Any future use of them is likely to be groups other than NSA at this point anyway.

If/when Microsoft do call out the NSA, I imagine it'll a) be filtered through their press/PR teams and b) be after they've had time to verify the source (it seems overwhelmingly likely to be NSA-originated, but I'd guess MS will do their own investigation and not just take it at face value).

MS will never "call out" anybody, in particular nobody in the US government - one of the few entities on the planet who can make Redmond lives materially harder. MS and authorities have a long history of peaceful collaboration and there is no reason to believe this state of things will change anytime soon.
The provenance of these exploits is irrelevant to whether or not their products have been patched, so why would they?
I keep reading your response and it does not refute what OP is saying.