Yes. Licensed cloud service providers are required to comply with any lawful interception requests from the regulatory authorities. See below for further details:

The Communications and Multimedia Act ("CMA") provides the following:

• The Malaysian communications and multimedia minister ("Minister") may require a licensee (which may include the cloud services provider if it is regulated as a licensed cloud service provider under the CMA) to effect an authorized interception of communications.
• The Yang di-Pertuan Agong (or the Minister on his behalf) may order the interception of any communications to or from any licensee, person or the general public relating to any specified subject, on the occurrence of any public emergency or in the interest of public safety.

Under the Criminal Procedure Code, the Malaysian attorney general can require a communications service provider (such as the cloud services provider) to intercept and retain a communication received or transmitted by that communications service provider if the communication is considered likely to contain any information relating to the commission of an offence.

From a practical enforcement perspective, if the cloud service provider is (i) an offshore entity, and (ii) not a licensee under the CMA, it is unlikely that the Malaysian law enforcement authorities would expend resources to bring enforcement actions against entities outside of Malaysia.