Defense Secretary Pete Hegseth prohibited China-based personnel from supporting Microsoft Azure deployments used by U.S. government agencies, citing unacceptable risk despite Microsoft’s supervisory model. The company previously used China-based engineers remotely supervised by U.S. escorts who reportedly hold clearances. ProPublica revealed the practice, and the DoD issued a formal letter of concern. The DoD is demanding a third-party audit of the digital escorts program to review code and submissions by Chinese nationals. Hegseth has directed investigations into whether those employees adversely affected coding of DoD cloud systems. Microsoft acknowledges the change while investigations continue.
The Pentagon has formally kiboshed Microsoft's use of China-based employees to support Azure cloud services deployed by US government agencies, and it's demanding Microsoft do more of its own digging to determine whether any sensitive data was compromised. Defense secretary Pete Hegseth announced the change in policy Thursday. He said that even though Microsoft designed its policy of using staff based behind the Great Firewall to comply with government contracting rules, it was still an unacceptable risk.
ProPublica first reported in July Microsoft was using engineers based in China to support the DoD's Azure use. Those engineers were being remotely supervised by US "escorts," whom Microsoft said are all US citizens with government security clearances. Hegseth said he intended to investigate the matter last month, and yesterday's notice was the first outcome to come from that work.
As is likely obvious to anyone except Microsoft, allowing China-based developers to support operations on sensitive government systems is fraught with risk. According to ProPublica, none of the other major cloud providers it spoke to admitted to doing anything similar. "If you're thinking America first, and common sense, this doesn't pass either of those tests," Hegseth said. While developers working from China are no longer supporting DoD systems, according to both Hegseth and Microsoft itself, the investigation is not over.
Collection
[
|
...
]