Microsoft halts use of China-based engineers on Pentagon cloud systems after national security concerns and DOD review.

Microsoft Changes Course Following Security Review

Microsoft announced it will cease employing China-based computer engineers for Pentagon cloud systems and related classified projects, following a week of intense scrutiny over potential national security risks. The decision came on the same day Defense Secretary Pete Hegseth publicly raised concerns about foreign engineers’ access to Defense Department data, stating the DOD would be investigating the matter as a priority.

The move was prompted by a ProPublica report revealing that since 2016, Microsoft allowed China-based engineers to support Pentagon cloud systems, relying on a system of “digital escort” supervisors meant to safeguard sensitive information. However, critics highlighted that these escorts, often former military personnel, lacked the technical skills needed to monitor the engineers they were overseeing, creating vulnerabilities that could be exploited for espionage or data breaches.

Responding to the backlash, Microsoft’s chief communications officer Frank Shaw said, “In response to concerns raised earlier this week about U.S.-supervised foreign engineers, Microsoft has made changes to our support for U.S. government customers to assure that no China-based engineering teams are providing technical assistance for DOD government cloud and related services.” Shaw emphasized that Microsoft remains dedicated to providing secure solutions for the U.S. government and will continue working with national security partners to adjust security protocols as necessary.

Background and Reactions

The ProPublica investigation cited sources familiar with Microsoft’s hiring for $18-per-hour “digital escort” positions and revealed that, despite passing security clearances, many supervisors lacked the expertise to effectively review code or prevent insider threats. While Microsoft previously defended the program by citing background checks and compliance with U.S. government requirements, lawmakers and DOD officials expressed alarm, noting that U.S. guidelines mandate only citizens or permanent residents handle sensitive data.

The Pentagon, when asked for further comment, reiterated Defense Secretary Hegseth’s position that foreign engineers “should NEVER” be permitted access to DOD systems. Hegseth made clear that the Defense Department would conduct an immediate review of Microsoft’s security protocols and the role of foreign nationals in defense projects.

Microsoft clarified that its “digital escort” model was used only in select unclassified environments, and that global experts did not have direct access to customer data or systems. Nonetheless, security concerns persisted due to sweeping Chinese data cooperation laws and the critical nature of “Impact Level” four and five data supporting military operations.

As Microsoft phases out China-based engineers from Pentagon projects, the company will rely exclusively on U.S.-vetted personnel for sensitive government work. The incident has prompted a renewed focus on security in defense contracting, with the Defense Department and lawmakers signaling increased oversight for tech partners handling national security data. Microsoft reaffirmed its commitment to secure government services, promising to continue adapting its security protocols in partnership with federal agencies.