You talk a lot about legal and illegal without mentioning jurisdiction which is rather important since the US got jurisdiction over MS US, Ireland over MS Ireland. The US can legally put the thumbscrews on MS US to produce the documents, Ireland can legally put the thumbscrews on MS Ireland to not produce the documents. Which puts Microsoft in a "damned if you do and damned if you don't" position, but there's no "world court" they can appeal to. The US can say we're right, appeal denied and Ireland can say the same. It still won't be possible for Microsoft to comply with both.
It's clear to see why the US - or indeed any country - don't like the idea that you can "jurisdiction shopping", like oh all our company data is outsourced to our wholly owned subsidiary in the Cayman Islands and we wouldn't want to break any local laws, you'll have to go through the courts there. But if that's a problem you should restrict the export of information, like if you're a US company the data on US citizens must be accessible to US courts. Trying to demand that all data held by foreign subsidiaries, even on foreign citizens be available to US courts is begging for trouble.
The reciprocity here is that a Chinese court can demand data on US citizens stored on US servers by a US subsidiary because it's owned by a Chinese company. The US would never grant the permissions it's trying to create for itself, it's one rule for us and one rule for everybody else. Hopefully the supreme court is smart enough to see that, otherwise there is only one choice: Stop making any product made by a US company in any privacy-sensitive context.