WASHINGTON — Microsoft has revised its internal policies to ensure that engineers based in China will no longer provide technical assistance for U.S. government clients, particularly the Department of Defense (DoD), using the company’s Azure cloud services.
The policy change was confirmed Friday, just days after a ProPublica investigation revealed the involvement of China-based Microsoft engineers in providing backend support for sensitive U.S. defense cloud infrastructure. The report raised serious national security concerns, especially regarding potential cyber vulnerabilities.
Frank Shaw, Microsoft’s chief communications officer, stated in a post on X (formerly Twitter), “In response to concerns raised earlier this week about US-supervised foreign engineers, Microsoft has made changes to our support for US Government customers to assure that no China-based engineering teams are providing technical assistance for DoD Government cloud and related services.”
The company’s Azure division, which accounts for more than 25% of Microsoft's global revenue, plays a key role in hosting government data and services. The platform is widely used by multiple U.S. federal agencies and is one of the key contractors in the Joint Warfighting Cloud Capability (JWCC) program, a multibillion-dollar project that awarded cloud contracts to Amazon, Microsoft, Google, and Oracle in 2022.
Microsoft’s initial response to the report indicated that its operations were in compliance with U.S. government guidelines. However, the latest move reflects a shift toward more stringent internal controls following backlash over the outsourcing of defense-related technical support.
The ProPublica report highlighted that Chinese engineers were monitored remotely by “digital escorts” located in the U.S., many of whom reportedly lacked sufficient technical expertise. This raised concerns that the U.S. defense cloud systems could be vulnerable to cyber threats or data breaches originating from foreign access points.
U.S. Defense Secretary Pete Hegseth responded to the report by calling the existing model a “legacy system created over a decade ago, during the Obama administration,” and vowed that the Defense Department would now conduct a full review to identify similar operational risks.
“This is obviously unacceptable, especially in today’s digital threat environment,” Hegseth said in a video statement posted Friday.
Microsoft previously won a $10 billion cloud contract with the Pentagon in 2019, known as the JEDI contract, but it was later cancelled in 2021 due to legal disputes. The current JWCC agreement places Microsoft among the top vendors for cloud-based defense operations, alongside AWS and Google Cloud.
In a statement, Microsoft reaffirmed its commitment to national security: “We remain committed to providing the most secure services possible to the U.S. government, including working with our national security partners to evaluate and adjust our security protocols as needed.”
The move to restrict overseas engineers from defense-related cloud support marks a broader effort by tech firms and the U.S. government to tighten cybersecurity controls and limit potential exposure to foreign influence in critical infrastructure projects.
