Pentagon Warns Microsoft: Company’s Use of China-Based Engineers Was a “Breach of Trust”

Microsoft started using digital escorts about a decade ago, ProPublica found, and went on to win federal cloud computing business worth billions of dollars. Through the Obama, Trump and Biden administrations, the system escaped the notice of Pentagon officials. ProPublica reported last week that Microsoft failed to disclose key details of the arrangement in the security plans it submitted to the Defense Department. The company has declined to comment on those omissions.

“We expect vendors doing business with the Department of Defense to put U.S. national security ahead of profit maximization,” Hegseth said in the video.

In the wake of ProPublica’s reporting, Microsoft announced last month that it had stopped using China-based engineers to support Defense Department cloud computing systems. In a statement provided for this story, the company said that it “will continue to collaborate with the US Government to ensure we are meeting their expectations.”

“We remain committed to providing the most secure services possible to the US government, including working with our national security partners to evaluate and adjust our security protocols as needed,” the company said in the statement.

In addition to China, Microsoft has operations in India, the European Union and elsewhere across the globe, and engineers in those places also work on Defense Department cloud maintenance.

Last month, Hegseth said on X that “foreign engineers — from any country, including of course China — should NEVER be allowed to maintain or access DoD systems.” But last week, in response to ProPublica’s questions, the Defense Department left the door open to the continued use of foreign-based engineers with digital escorts, saying that it “may be deemed an acceptable risk,” depending on factors that include “the country of origin of the foreign national” being escorted.

In his announcement, Hegseth did not mention whether the escort program would continue or say whether Microsoft’s reliance on other foreign nationals to maintain the Defense Department’s computer systems would also be reviewed. The department did not respond to questions from ProPublica seeking additional information about the new investigations.

ProPublica reported last month that Microsoft has also relied on its China-based employees to maintain federal cloud computing systems beyond the Defense Department, including those of the departments of Justice, Treasury and Commerce. In response to the reporting, Microsoft has suggested that it would also discontinue the use of China-based engineers for those departments.

In this week’s announcement, Hegseth said the Defense Department was working “with our partners in the rest of the federal government to ensure that all U.S. networks are protected.”

Renee Dudley is a ProPublica reporter focused on technology, cybersecurity and business. This story was originally published by ProPublica. ProPublica is a nonprofit newsroom that investigates abuses of power. Sign up to receive ProPublica’s biggest stories as soon as they’re published.