SAN FRANCISCO, California: Microsoft announced July 18 it will no longer allow engineers based in China to provide technical assistance for U.S. military systems, following scrutiny from a U.S. senator and a newly ordered review by Defense Secretary Pete Hegseth into Pentagon cloud contracts.
The move comes after investigative outlet ProPublica reported that Chinese engineers were supporting U.S. military cloud computing systems under the supervision of U.S. "digital escorts"—subcontractors with security clearances but often lacking the expertise to evaluate cybersecurity risks. The report raised concerns about potential vulnerabilities and prompted swift action from lawmakers and the Pentagon.
Microsoft, one of the largest technology contractors to the U.S. government, confirmed that the arrangement had been disclosed to federal authorities during its contract authorization process. Still, in response to the backlash, the company has now pledged to overhaul its procedures.
"In response to concerns raised earlier this week, we've changed how we support U.S. government customers to ensure that no China-based engineering teams are providing technical assistance," Microsoft spokesperson Frank Shaw said on X (formerly Twitter).
Earlier in the day, Senator Tom Cotton, who chairs the Senate Intelligence Committee and serves on the Armed Services Committee, sent a letter to Defense Secretary Hegseth demanding clarity about contractors using personnel from China. He also requested details about how digital escorts are trained to detect security breaches.
"The U.S. government recognizes that China's cyber capabilities pose one of the most aggressive and dangerous threats to the United States," Cotton wrote. He cited prior intrusions into critical infrastructure and telecom networks as justification for increased vigilance. "The U.S. military must guard against all potential threats within its supply chain, including those from subcontractors."
Defense Secretary Hegseth responded swiftly, ordering a full two-week review of all Defense Department cloud service contracts to determine if any others involve China-based personnel.
"I'm announcing that China will no longer have any involvement whatsoever in our cloud services, effective immediately," Hegseth said in a video posted online. "We will continue to monitor and counter all threats to our military infrastructure and online networks."
The Pentagon has awarded billions in cloud computing contracts to major tech companies as part of its modernization strategy. Cybersecurity has been a growing concern after a series of high-profile hacks—some traced back to state-sponsored actors in China and Russia—targeted U.S. government and corporate systems, including Microsoft's own networks.
While Microsoft maintains that proper disclosure protocols were followed, the company's use of Chinese engineers—even under supervision—has reignited debate over foreign access to sensitive military systems.
The review launched by Hegseth will assess whether additional safeguards are necessary and whether similar practices have occurred with other vendors.
