Same for Phishing Attacks
Some of the more dangerous phishing attacks I've seen include a fake Office 365 login form (an HTML document) hosted at Live.com or OneDrive.com.
Employees see the perfectly duplicated sign-in form, and when they double-check the browser bar they see the TLS lock symbol with a certificate for Microsoft Corporation.
It's a series of failures at every layer: poor spam filters allow emails that look an awful lot like they are from Microsoft, which link to a ubiquitous (but faked) sign-on screen, hosted on servers that are certified as Microsoft. It goes even further if your admins added either site to the Trusted Domains list.
I loudly protest at the claim that Office 365 is more secure than its on-premises predecessors.