Comment by Fischgericht
2 years ago
TLS is only transport encryption. The password will be transmitted in clear before and after that transport.
This is not at all comparable to other "store my passwords inside the cloud"-systems, where the passwords are encrypted and decrypted on the users' devices, without the encryption key going to the cloud provider - that's the way it's handled in Password Managers, Chrome Auto-Fill etc.
And I would expect Microsoft asking the user for explicit consent "May we take your IMAP password and transfer it and store it in our cloud?" in easy-to-understand wording so people understand the consequences (for example getting fired for having punched a gaping hole into your employer's security policies like "Don't share this password with anyone").
That expectation would match the law in the EU.
And in addition, inside the EU it would also have to guarantee that the password will only be stored on servers inside the EU, and not end up, for example, with the NSA. And even then it still might not be legal.
And from a user's perspective: Certainly a big chunk of users that have been using email software for the last decades would assume that an email client installed on your PC is doing the IMAP access locally. There is no need for your IMAP credentials to go to Microsoft. Merging your local mail store from multiple sources inside the client is what email clients have been doing for the last 20 years. There is absolutely no need to move this to the cloud. Yes, my computer can handle merging email folders.