Microsoft says it's ending U.S. Defense Department cloud maintenance by Chinese software engineers

That was a rather quick reaction after Microsoft was caught "with its finger in the honey pot", so to speak. A week after ProPublica's report that Microsoft uses software engineers in China to maintain its federal cloud, the company is backing down. Microsoft says it is no longer using engineers in China to maintain the US Department of Defense's (DoD) cloud systems.



Review: The ProPublica bombshell

On July 15, 2025, the ProPublica website reported on a strange practice at Microsoft in the article "A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers". The company was using engineers in China to maintain the Microsoft Cloud for the US Department of Defense.

The US Department of Defense (DoD) is somehow aware of this. There is an agreement with the US Department of Defense that was reached almost a decade ago when Microsoft was awarded the US government's cloud computing business. This provides for US citizens with security clearances to monitor the work of Chinese software engineers as "digital escorts". The digital escorts were to serve as a barrier against espionage and sabotage.

How should one picture this? An engineer describes the scenario like this: The tasks range, for example, from updating a firewall, to installing an update, to fixing a bug or checking logs to fix a problem. The subcontractor from China specifies what exactly needs to be done. The digital escort, who has the appropriate security clearances for the DoD-Microsoft cloud, carries out the instructions of the Chinese software engineer in the federal cloud.

The task is done by copying and pasting, so to speak, without checking the work. This is because the digital escorts often lack the technical expertise to assess what they are doing. I covered this business structure in the article "Insane: Microsoft let Chinese software engineers maintain the cloud of US Department of Defense". The structure was presumably introduced so that Microsoft could get to market faster and secure large contracts from the US authorities.

Microsoft says it is stopping this practice

The ProPublica article is likely to have made waves in the US, given the political controversy with China and accusations of intrusion into US IT systems by Chinese state-affiliated hacking groups.



In an initial statement in response to the ProPublica article, Microsoft said its employees and contractors "operate in a manner consistent with U.S. government requirements and processes." It said it has an internal review process known as a "lockbox" to ensure, prior to implementation, that contractors' instructions are considered secure, or to indicate that they are a cause for concern.

However, according to the above, the digital escorts with security clearance for the US Department of Defense (DoD) are generally unable to assess what the instructions entail. The inspectors are ex-military personnel who, according to ProPublica, are often employed at minimum wage. Only their clearance for the DoD seems to have been the reason for hiring them.

Letter from a US senator

US Senator Tom Cotton from Arkansas, Chairman of the Select Committee on Intelligence, has put pressure on US Secretary of Defense Peter Hegseth in a letter he published on X. It is unacceptable, he writes, that software engineers in China have access to the US Department of Defense cloud. Hegseth agrees with Cotton and has announced an investigation into the matter.

Hegseth's answer to the letter

And then things got rolling, as ProPublica announced in the article Microsoft Says It Has Stopped Using China-Based Engineers to Support Defense Department Computer Systems. Microsoft's Chief Press Officer Frank Shaw posted the following statement on X:

In response to concerns raised earlier this week about US-supervised foreign engineers, Microsoft has made changes to our support for US Government customers to assure that no China-based engineering teams are providing technical assistance for DoD Government cloud and related services. We remain committed to providing the most secure services possible to the US government, including working with our national security partners to evaluate and adjust our security protocols as needed.

In response to concerns raised earlier this week about foreign engineers under US supervision, Microsoft has made changes to its support for US government customers. This is to ensure that no China-based engineering teams are providing technical support for DoD cloud and related services.

