No? The “root of the problem” is that the cloud service the files were stored in, was deauthed. At that point, I would absolutely expect all files to be deleted.
You can argue that M$ shouldn’t have pushed for that by default, but the problem as described is “user stored their important files in one drive, they gave away their password, password was changed, new password was unknown, one drive removed all local copies of files stored in it, microsoft couldn’t verify who they were when they called.”
Had this been the other way around, where the scammer got file access and the original user reset their password, you’d expect the scammer to have the local copies deleted… would you not?