Microsoft is fully aware of KeyGenguru and similar sites. Their response has evolved:

KeyGenguru provides the (GVLKs) that tell Windows to look for a KMS server. The missing piece? The user then runs a local KMS emulator (like KMS_VL_ALL or Microsoft Activation Scripts) on their own machine, pretending to be that corporate server.

There are concerns regarding the safety and legitimacy of using KeyGenGuru: