Shared responsibility: the basic split
Microsoft owns what you can't control; you own what you can control. Provider responsibilities: datacenters, physical infrastructure, core platform. Customer responsibilities: configuration, identities, access, data usage. The split changes per service. If you can configure it, assume you must secure it.