These attack vectors have been known and warned about for years.
Microsoft values capturing customers far more than caring about security.
https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
They are now just the typical company saying "Your security is our top priority" while actively (and I mean actively) not trying to secure your data.
The US and any other country should be ashamed of themselves for falling for these sales spiels. I'm sure there are lots of multi-$$$ kickbacks involved.