"In its new complaint, noyb said Microsoft was trying to avoid responsibility under GDPR by insisting that almost all of the data protection responsibilities lie with local authorities or schools."
Actually, I think that's preferable. Parents can take the matter up with the schools. For the average parent or parent organisation this is going to be easier than dealing with Microsoft. After all, it would have been the schools' decision to go with Microsoft, not the parents'.
This, I think, is a better principle that saying if the data you provided to a local supplier is breached by their supplier in the US then take it up in a US court. That idea was behind the previous privacy fig-leaves and equally, AIUI, behind the bridge framework.
The schools can then take the matter up with Microsoft and, as customers, should find this easier - not very much easier but they do have a direct relationship. And if they don't get a satisfactory answer from Microsoft they can cease doing business with them.