This is a big deal in cybersecurity education. I'm in the UK doing it. We've a dilemma that industry is desperate for fresh new cybersecurity recruits to fill an enormous skills gap. In the UK, Microsoft is a "preferred supplier" for lots of organisations, even defence stuff, and to get our students past the gatekeepers they pretty much need "365". Regardless of whether they can recompile a Linux kernel and do protocol analysis with Wireshark... no 365, no job, Not even tier-1 support.

By contrast my last cohort of masters students worked on things like critical infrastructure, national security, long-term resilience, hybrid interoperability... everything that Microsoft is not and makes worse.

So there's a schism between academic understanding and industrial reality that makes cybersecurity really rather hard to fix.

So I have to walk into a classroom and say:

  "Heads-up! We're going to be learning about 365 administration this
   week, about Active Directory, and this and that... which are all
   okay products and make a lot of admin tasks easier. BUT!! The only
   reason is so you can walk into a job. Because this US company has
   the UK tech sector by the balls. As soon as you're working, forget
   everything you hear in these lectures, because it's dangerous
   BigTech mono-culture that's antithetical to the real values of
   cybersecurity. Take the principles. Reject the products. Look at
   other tools that do the same, Have a backup plan." 

And I hope they took enough from Ross Anderson's SecEng book, and from the BSD/Linux classes and my the other lectures to go out there and start undoing the harm.