Great question. It is not defined. Generally, in my opinion, segregation at a protocol level passes audit very easily i.e A DB per tenant. Based on my experience what I have seen is that the line of questioning and the idea is around, if someone gets access to a databases, does that attacker get access to all the data or just the data of the tenant.