Microsoft has decided to stop using China-based computer engineers for work on sensitive U.S. Defense Department cloud systems following national security concerns raised by a ProPublica investigation and pressure from Republican lawmakers. The tech giant announced it would discontinue the use of China-based engineering teams for assisting with Pentagon cloud systems and related services, citing a commitment to ensuring secure operations for U.S. government customers.
The decision follows a report by ProPublica, which accused Microsoft of allowing China-based engineers to assist with Pentagon cloud systems without sufficient security protocols, raising concerns about potential vulnerabilities. The report was picked up by GOP lawmakers and the Trump administration, with Defense Secretary Pete Hegseth emphasizing that foreign engineers from any country should never be allowed to maintain or access DOD systems. Hegseth stated that the Pentagon would be investigating the matter ‘ASAP.’
Microsoft responded to the report by announcing it would cease all reliance on China-based engineering teams for sensitive government work. Frank Shaw, Microsoft’s chief communications officer, stated, ‘We remain committed to providing the most secure services possible to the U.S. government, including working with our national security partners to evaluate and adjust our security protocols as needed.’
The ProPublica investigation revealed that Microsoft’s cloud computing program, launched in 2016, used a ‘digital escort’ system to allow foreign cybersecurity experts, including those based in China, to work on sensitive systems. While the program was designed to comply with federal contracting regulations, the report highlighted concerns that the ‘digital escorts’—often former military personnel hired for their security clearances rather than technical expertise—lacked the capability to prevent potential breaches by rogue Chinese engineers.
Microsoft had previously defended its ‘digital escort’ system, stating that all personnel involved passed federally approved background checks and had no direct access to customer data or systems. The company emphasized its adherence to federal security requirements, including those from the Defense Department and the Federal Risk and Authorization Management Program. The spokesperson noted that layers of mitigation, including approval workflows and automated code reviews, were in place to detect and prevent threats.
Despite Microsoft’s assurances, the report’s findings led to the decision to halt all China-based engineering contributions for sensitive government work. The company’s action has raised questions about the broader implications for U.S. defense contracting and the role of foreign engineers in handling classified information. The Pentagon’s ongoing investigation into the matter is expected to examine whether Microsoft’s practices violated any security protocols and whether further measures are needed to protect national interests.