a simpler solution could be to outsource the data to locally registered companies (Either, a subsidiary or a shell data owner). That way Microsoft can deny the data as they do not own it.
handling over the data ownership to a companny in EU is the way to go. This already happens between Deutsche Telekom and Microsoft with their Azure Cloud offer in Germany. Deutsche Telekom is the owner/supervisor of the Data and Microsoft has no acces to it.