HomeWinBuzzer NewsConcerns Mount Over Microsoft's Control and Security Failures in Federal IT

Concerns Mount Over Microsoft’s Control and Security Failures in Federal IT

US government reliance on Microsoft for IT raises security concerns. Expert suggests fostering competition and holding Microsoft accountable


The United States federal government's reliance on for IT infrastructure has come under scrutiny, with concerns being raised about the company's significant control and recent security lapses. AJ Grotto, a former senior White House cyber policy director, has voiced his concerns, suggesting that Microsoft's dominance in the sector poses a risk. Grotto's comments to The Register come in the wake of several high-profile security breaches, including incidents involving SolarWinds and unauthorized access by foreign entities to US government emails through Microsoft's platforms.

Security Lapses and Federal Response

Grotto points to specific instances where Microsoft's practices have directly impacted federal security measures. Notably, during the SolarWinds breach, Microsoft was criticized for not providing adequate logging capabilities by default, a decision that complicated the federal government's ability to assess its vulnerability. Despite Microsoft's significant revenue from security services, estimated at around $20 billion last year, the company was reluctant to make concessions without external pressure. This behavior, according to Grotto, illustrates Microsoft's leverage over the federal government and its willingness to use it to its advantage.

Strategies for Mitigating Risk

To address the risks associated with Microsoft's dominance, Grotto suggests that the federal government should focus on fostering competition within the IT sector. He advocates for public scrutiny of Microsoft's practices to ensure accountability and encourage a market-driven response to security concerns. By highlighting Microsoft's missteps and exploring alternatives, Grotto believes that market incentives could motivate Microsoft to prioritize security and reduce its control over federal IT infrastructure. The goal is to create a more secure and competitive environment that diminishes the national security risks currently associated with Microsoft's dominance.

Ongoing Concerns Over Email Access

Just last week, The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an Emergency Directive following the discovery that Russian espionage operatives, known as Midnight Blizzard or Cozy Bear, infiltrated Microsoft's email system. The breach, which was first reported earlier this year, allowed the hackers to access and exfiltrate sensitive data, including email correspondences between Federal Civilian Executive Branch (FCEB) agencies and Microsoft. 

CISA's Emergency Directive ED 24-02 mandates federal agencies to conduct a thorough review of the compromised emails, reset any exposed credentials, and bolster the security of authentication tools, particularly for privileged Microsoft Azure accounts.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News