Microsoft has been employing enterprise network security solutions engineers in China to help maintain the Pentagon’s cloud systems for nearly a decade, under minimal US supervision, igniting espionage fears and prompting an urgent Pentagon crackdown, according to ProPublica‘s investigation.
The revelation exposed how one of largest US tech giants quietly managed sensitive military systems while relying on overseas talent.
What was framed as a cost-efficient cloud solution program is now nothing but a mere transparency, oversight, and national security worry for the Department of Defense (DoD), showing that the in-house “digital escorts” supervising the Microsoft defense security solutions failed to police foreign engineers.
The Whole Pentagon Microsoft Chinese Nationals Story
The Microsoft DoD program, designed to oversee foreign engineers working on sensitive Pentagon systems, is at the heart of the scandal.
US citizens with security clearances were hired as escorts, often lacking technical expertise, to supervise Chinese engineers remotely managing Defense Department cloud infrastructure.
“We’re trusting that what they’re doing isn’t malicious, but we really can’t tell,” one escort told ProPublica on condition of anonymity.
Paid as little as $18 an hour, many escorts were ex-military personnel with little coding experience, unable to monitor highly skilled engineers executing complex commands.
The digital escorts model to have oversight over the Microsoft program with the Pentagon remained largely unknown inside the DoD, until recently. Most of these digital escorts are former US service members, with minimal coding expertise, and being paid wages barely above the bare minimum.
“Literally no one seems to know anything about this, so I don’t know where to go from here,” said a spokesperson for the Defense Information Systems Agency, Deven King.
“If I were an operative, I would look at that as an avenue for extremely valuable access. We need to be very concerned about that,” warned a former CIA and the National Security Agency executive who later served as national cyber director, Harry Coker.
The Office of the Director of National Intelligence has repeatedly flagged China as the “most active and persistent cyber threat” to US government networks.
Back in 2023, Chinese hackers infiltrated senior officials’ email accounts, stealing 60,000 State Department messages. Now, experts wonder whether Microsoft’s enterprise network security program contributed to such vulnerabilities or could have the same repercussions.
The Pentagon’s network infrastructure security solutions cancellation of Microsoft’s ten-year-old program highlights just how questionable the enterprise network security solutions agreement had grown – or was to begin with.
Untrained US veterans, lacking technical instruction, passed essential Defense Department cloud information received directly from Chinese engineers for years.
Over the past decade, Microsoft managed network security solutions haven’t been smooth.
Before that, the Big Tech giant relied on an honor system that assumed foreign employees wouldn’t abuse their access. Not only did Microsoft’s approach lead colossal mistakes but exposed the infrastructure to severe espionage threats.
The moment Pentagon’s cloud network security solutions officials realized the intensity of the exposure, they moved quickly to shut down the practice, calling it a betrayal of confidence endangering national security.
Defense Supply Chain Security and the Pentagon’s Response
The fallout has been swift, and the Defense Secretary Pete Hegseth announced in a video that the Pentagon would “no longer allow Chinese nationals to work as coders on Department of Defense cloud systems.”
Calling the program a “breach of trust,” Hegseth said the practice “exposed the department to unacceptable risks.”
“It blows my mind that I’m even saying these things in such common sense, that we ever allowed it to happen,” he added. “We expect vendors doing business with the Department of Defense to put U.S. national security ahead of profit maximization.”
Hegseth confirmed Microsoft has terminated the use of China based engineering teams for Pentagon and along the way DoD cancels contracts with Microsoft and will conduct an internal audit at no cost to taxpayers. The Pentagon has also launched a separate investigation to determine whether malicious code was introduced.
Microsoft said in a statement regarding the enterprise network security solutions that it remains “committed to providing the most secure services possible to the U.S. government,” stressing that foreign workers had no direct access to government data and that additional monitoring safeguards were in place.
Yet critics argue that the system created a dangerous mismatch between escorts’ skills and the engineers they were meant to oversee.
“Here you have one person you really don’t trust because they’re probably in the Chinese intelligence service, and the other person is not really capable,” said former chief technology officer at DISA, David Mihelcic.
Warning for Defense Supply Chain Security
The Microsoft cloud security for the Pentagon revelations highlight deeper concerns about the US defense supply chain’s dependence on global tech providers. As federal agencies made a change to commercial cloud services, companies such as Microsoft, Amazon, and Google became guardians of highly sensitive data once handled in house.
Microsoft’s enterprise data security solutions for DoDescort model, conceived as a cost-saving compromise, illustrates the trade-offs between security and scalability. “It’s always a balance between cost and level of effort and expertise,” senior program manager named Indy Crowley told ProPublica.
With US China tensions deepening and state sponsored hacking campaigns are becoming more sophisticated, experts warn that even limited access points can be exploited.
For now, the Pentagon has pledged stricter oversight of enterprise network security solutions vendors, while lawmakers press for answers on how such a program operated under the radar for so long.
Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Tech sections to stay informed and up-to-date with our daily articles.