University Microsoft account authentication is managed by the ADFS (Active Directory Federated Service). It is similar to the Raven/Shibboleth authentication service. Your user account is created and managed by the University's Blue Active Directory, and your login information – not including your password – gets synced to Microsoft's Azure Active Directory in the cloud every 3 hours.
Your password remains within Cambridge. On UIS' systems, your password is "hashed" – an irreversible cryptographic technique used to add to its security.
If you access the Microsoft portal (e.g. for Office 365, OneDrive for Business or Exchange Online with a University account) you will be forwarded to the University's Microsoft authentication page to log in securely to use these services: