Microsoft said Friday it will stop using China-based engineers to support Pentagon cloud systems following reports that the practice posed a security risk.
The decision follows a ProPublica investigation revealing that Microsoft had employed China-based engineers to assist with Department of Defense (DOD) cloud services without adequate safeguards.
According to the report, Microsoft is using U.S. “digital escorts” as intermediaries between China-based Microsoft engineers and DOD cloud systems. These escorts, who are U.S. citizens, manually input commands into military networks on behalf of the foreign engineers, who are barred from direct access.
The report warned that this arrangement could expose sensitive DOD systems to cyber threats, since many of the escorts lack the technical expertise to identify potentially malicious code.
“In response to concerns raised earlier this week, Microsoft has made changes to ensure no China-based teams are providing technical assistance for DOD government cloud services,” said Frank Shaw, Microsoft’s communications chief, in a post on X.
In response to concerns raised earlier this week about US-supervised foreign engineers, Microsoft has made changes to our support for US Government customers to assure that no China-based engineering teams are providing technical assistance for DoD Government cloud and related…
— Frank X. Shaw (@fxshaw) July 18, 2025
On Friday, Defense Secretary Pete Hegseth stated that foreign engineers from any country “should never be allowed to maintain or access DOD systems.”
“This is obviously unacceptable, especially in today’s digital threat environment,” he said in a video uploaded on X, further adding that China “will no longer have any involvement whatsoever in our cloud services, effective immediately.”
He added that the Defense Department would initiate a two-week review of the matter immediately “to make sure what we uncovered isn’t happening anywhere else across the DOD.”
Update on DOD’s cloud services pic.twitter.com/0wCe3vmuNU
— Secretary of Defense Pete Hegseth (@SecDef) July 18, 2025
