I wasn't talking about Azure. I was talking about Microsoft's software products such as Outlook, Windows, etc.
Rergardless, my point is that Microsoft saying that they have audits and controls in place is exactly the same as them saying "trust us". They're just saying "trust that we have effective controls in place".
Sure, I understand. The thing is that a company has to already have a measure of trust in order for the verification to be of reassurance to people. Hiring outside verifiers is absolutely better than nothing, but it's not a thing that inherently instills a high degree of confidence.
What an organization can (and should) do is to behave in a way that earns people's trust over time. Microsoft actually had a window of opportunity to do this. They even made a very public campaign proclaiming how they weren't like the Microsoft of old and were more trustworthy than they used to be. And for a while, I even thought that perhaps a real culture change really did happen. But their behavior (especially around Windows and Office) is uncannily similar to that of other companies of questionable trustworthiness.
Suppose I'm using services provided by JohnFen's employer. What does it do better than Microsoft that I can trust it with my data? What should Microsoft do to be a trusted partner?
Rergardless, my point is that Microsoft saying that they have audits and controls in place is exactly the same as them saying "trust us". They're just saying "trust that we have effective controls in place".