More generously, they were applying GDPR rules in the correct manner, but to a different scenario: Microsoft customers being supported by Microsoft subcontractors that don't need to know the customer PII to do their job.

Most businesses using a public cloud need to log the activities of their staff accessing their own systems, which has an entirely different set of policies.

A similar example is Azure Application Insights. Microsoft uses it internally, so they keep removing features that log PII to be "GDPR compliant". Again, they're logging the activities of the general public across the entire world population, so GDPR legitimately applies. To them! Not us. Most of our scenarios are internal staff or partner organisations accessing private systems. Not only do we not do business with anyone from Europe, our systems are either privately networked or geo region locked. Europeans can't access anything in our local state government's internal staff portal even if they wanted to! Unless they hack us... but then we would very much like to log that.