Microsoft stops relying on Chinese engineers for Pentagon cloud support

Microsoft on Friday revised its practices to ensure that engineers in China no longer provide technical support to U.S. defense clients using the company’s cloud services.

The company implemented the changes in an effort to reduce national security and cybersecurity risks stemming from its cloud work with a major customer. The announcement came days after ProPublica published an extensive report describing the Defense Department’s dependence on Microsoft software engineers in China.

“In response to concerns raised earlier this week about US-supervised foreign engineers, Microsoft has made changes to our support for US Government customers to assure that no China-based engineering teams are providing technical assistance for DoD Government cloud and related services,” Frank Shaw, the Microsoft’s chief communications officer, wrote in a Friday X post.

The change impacts the work of Microsoft’s Azure cloud services division, which analysts estimate now generates more than 25% of the company’s revenue. That makes Azure bigger than Google Cloud but smaller than Amazon Web Services. Microsoft receives “substantial revenue from government contracts,” according to its most recent quarterly earnings statement, and more than half of the company’s $70 billion in first-quarter revenue came from customers based in the U.S.

In 2019, Microsoft won a $10 billion cloud-related defense contract, but the Pentagon wound up canceling it in 2021 after a legal battle. In 2022, the department gave cloud contracts worth up to $9 billion in total to Amazon, Google, Oracle and Microsoft.

ProPublica reported that the work of Microsoft’s Chinese Azure engineers is overseen by “digital escorts” in the U.S., who typically have less technical prowess than the employees they manage overseas. The report detailed how the “digital escort” arrangement might leave the U.S. vulnerable to a cyberattack from China.

“This is obviously unacceptable, especially in today’s digital threat environment,” Defense Secretary Pete Hegseth said in a video posted to X on Friday. He described the architecture as “a legacy system created over a decade ago, during the Obama administration.” The Defense Department will review its systems in search for similar activity, Hegseth said.

Microsoft originally told ProPublica that its employees and contractors were adhering to U.S. government rules.

“We remain committed to providing the most secure services possible to the US government, including working with our national security partners to evaluate and adjust our security protocols as needed,” Shaw wrote.

WATCH: Microsoft Security VP Vasu Jakkal talks cybersecurity with Jim Cramer