It was for ALL on-prem deployments. This wasn't due to the user being insecure, this was Microsoft's fault.

If anything it's yet another point AGAINST them - if they can't guarantee secure software without the caveat of running on a closed hardware black box then it's not secure software.