this is barely one year after the CSRB recommended: "...Microsoft leadership should consider directing internal Microsoft teams to deprioritize feature developments across the company’s cloud infrastructure and product suite until substantial security improvements have been made in order to preclude competition for resources. In all instances, security risks should be fully and appropriately assessed and addressed before new features are deployed."

These recommendations followed a review of MS practices following the Exchange online compromise. I highly doubt anything changed at MS since then.

source: https://www.cisa.gov/sites/default/files/2025-03/CSRBReviewO...