MS Recommendation to NOT inspect O365 traffic?

What's your take on the standard MS talk around TLS inspection for O365? I feel like not inspecting it is the easiest route for them but it just blows me away.

1. OneDrive is a major distribution hub of malware/ransomware
2. Enterprise customers may use personal or tenants from other organizations
3. Enterprise tenants are not at all immune to malicious content stored/passing through O365
4. Data leakage may occur to enterprise owned, third party or consumer tenants.

Thoughts?

customers cybersecurity distribution enterprise inspection major malware may o365 onedrive organizations personal ransomware standard tls traffic