No More Digital Backdoors: Microsoft Ends Use of China-Based Engineers on U.S. Military Projects

July 20, 2025 – In the wake of a damning ProPublica exposé and swift scrutiny from Capitol Hill, Microsoft announced Friday that it will no longer rely on China-based engineers to provide technical assistance for U.S. military cloud services. This move comes amid growing concerns over supply chain security and the exposure of critical defense infrastructure to foreign adversaries.

The investigation revealed a startling operational model: Chinese engineers were assisting on Pentagon-related cloud computing projects while being “supervised” by U.S.-cleared subcontractors—termed “digital escorts”—who often lacked the technical expertise to evaluate potential cyber threats. The revelations ignited immediate concern, particularly given Microsoft’s track record of having been breached by both Chinese and Russian state-sponsored actors.

Microsoft said it had disclosed this setup to the U.S. government during authorization processes, but that wasn’t enough to quiet critics. On Friday, company spokesperson Frank Shaw stated on X that Microsoft had revised its support protocols to ensure “no China-based engineering teams are providing technical assistance” on Defense Department projects.

The fallout didn’t stop there.

Senator Tom Cotton, a leading voice on intelligence and national security, sent a formal letter to newly confirmed Defense Secretary Pete Hegseth demanding answers. Cotton, who serves on both the Senate Intelligence and Armed Services Committees, requested a full list of contractors utilizing Chinese personnel and details about how “digital escorts” are trained to recognize suspicious or malicious behavior.

Cotton’s letter underscored the gravity of the threat:

“The U.S. government recognizes that China’s cyber capabilities pose one of the most aggressive and dangerous threats to the United States,” he wrote. “The U.S. military must guard against all potential threats within its supply chain, including those from subcontractors.”

Responding swiftly, Secretary Hegseth released a video on X, announcing a two-week review of all Defense Department cloud contracts and an immediate halt to any China-based involvement.

“China will no longer have any involvement whatsoever in our cloud services, effective immediately,” Hegseth declared. “We will continue to monitor and counter all threats to our military infrastructure and online networks.”

Why This Matters

This isn’t just about Microsoft. It’s about the deeper vulnerabilities that remain hidden in our digital supply chains—particularly in defense technology. When contractors outsource engineering support to adversarial states—even with “oversight”—they gamble with national security.

This incident exposes a hard truth: the fusion of globalization and cloud computing has outpaced our ability to protect sensitive government systems. It also illustrates the urgency of realigning procurement, security clearance protocols, and cybersecurity audits to reflect geopolitical realities.

As someone who has helped safeguard the digital infrastructure for millions of federal employees, I know firsthand that we cannot afford to be naïve. The era of digital backdoors must come to an end.

The Defense Department’s new leadership has taken a bold and necessary first step. Now, the rest of the federal contracting ecosystem must follow.