[dusted]

Playing the devils advocate here (though, to be honest, I am very much a hosted-on-premise kind of angry old man here)..

Allowing that is a slippery slope for a cloud host. If people can simply say "oh, someone used our credentials to do that thing that cost a lot of money" as a get-out-of-bill card..

If they were legitimately hacked, as in, the intruder did NOT simply obtain their access credentials, but actually bypassed the security system itself (hacking into the actual azure host, or exploiting a technical glitch in the azure login system) then, of course they should forgive the bill (and apologize to their customers)..

[qolop]

It's definitely not a slippery slope. Firstly it's a drop in the ocean for cloud providers. Secondly, there's some effort required in establishing whether it was a case of stolen credentials or not. Not everyone is going to put in that effort to lie. And finally, you're forgetting that most cloud users are enterprises and small business that have some moral compass and aren't going to lie to the cloud providers to their face.