Microsoft states that under its shared responsibility model, the customers own their data and identities across all of the Microsoft 365 applications. It is worth noting that Microsoft SLAs are built around service guarantees and not data retention. Native Microsoft data storage offers a number of great features and also some significant gaps. Versioning, replication, recycle bin, and retention policies do not fully secure customer data from risks.
