
jiggawatts, today at 11:16 AM (1 reply)

More generously, they were applying GDPR rules in the correct manner, but to a different scenario: Microsoft customers being supported by Microsoft subcontractors that don't need to know the customer PII to do their job.

Most businesses using a public cloud need to log the activities of their staff accessing their own systems, which has an entirely different set of policies.

A similar example is Azure Application Insights. Microsoft uses it internally, so they keep removing features that log PII to be "GDPR compliant". Again, they're logging the activities of the general public across the entire world population, so GDPR legitimately applies. To them! Not us. Most of our scenarios are internal staff or partner organisations accessing private systems. Not only do we not do business with anyone from Europe, our systems are either privately networked or geo region locked. Europeans can't access anything in our local state government's internal staff portal even if they wanted to! Unless they hack us... but then we would very much like to log that.


Replies

Freak_NL, today at 12:27 PM

This has nothing to do with being within the jurisdiction of the GDPR or not. There are a variety of national laws worldwide which effectively overlap with or subset the GDPR (because most governments do seem to find protection of personal data worthwhile for their citizens), and Microsoft has to deal with those (either at the behest of their customers or because they are required to).

But Microsoft can totally handle applying the GDPR correctly. They have a lot of countries as customers which use Azure in some capacity and where the need for comprehensive audit logging exists. What you were seeing is a bug; or rather a design flaw, marked as WONTFIX. Some customer rep was giving you the two-fingered salute by starting with 'but GDPR…'.