It would really depend on the situation to be decided, whether MS would have to pay up, or rather the company using MS products to handle customer data. One can imagine a way to use MS products that might not be illegal, e.g. never use it to process personal data, use anonymized accounts that are not bound to a real person, swap around accounts and computers to prevent association with a person, etc. Then, all it would take for MS to get its 'get out of jail free'-card is to publish that in a whitepaper and make all the problems just be an unfortunate misconfiguration by the company using MS products.

Microsoft can already claim that you can use Excel legally by only ever using it as an expensive calculator or table layout generator.

A theoretical methodology to do so is not enough to make their spyware legal.

There are alternative products that can do almost everything Excel does in almost every real life company without consuming data like the Very Hungry Caterpillar. It's up to them to prove why they need all that data that others don't need, and in what specific ways this data is used for the good of the customer.

Microsoft will need to act and change to solve this problem.

That’s a good point: The use of general-purpose tools like Excel is by essence non-GDPR compliant, since there is no way to mark a column as “person” and therefore attach it to that person’s rights.

Therefore, all corporate tools must be specific for one purpose when managing PII, and no tool should allow free-text fields. Excel, Access, notepads shouldn’t exist in companies.

The point isn't about the tool, it's about where and by whom the tool is run.

Office 365 is cloud based, that's what makes it potentially non-compliant. Having Excel in your company, on your computer, and the data never leaves that computer is a totally different scenario.

How is that different from a sheet of paper?

It's just the cost of doing business for them, implementing and complaining with EU laws might cost even more than the fine

The fine is so outrageously high (up to 4% of global revenue) exactly so this argument can't be made. It's really hard to imagine that implementing proper privacy controls would cost 4% of Microsoft's global revenue, it amounts to US$ 8B for the past year...

But more privacy mean less data they get and less revenue they generate by using that data, similar to how Meta/Google are affected by Apple privacy changes, at least that's my speculation

Ah, multinationals and sovereign states collide.

I doubt the EU can prevent MS365 from being used, and MS can say "we aren't paying a fine here. Ever. Good luck with it."

Who will succeed? No idea.

When did it change to be each EU country rather than one member state's regulator taking the lead in the case?

Can you provide a precedent where this has happened?