Facebook
X
LinkdIn
Copy Link
The Trump administration and Republican leaders in Congress are beginning to look into Microsoft seriously. On August 28, Defense Secretary Pete Hegseth suspended a program which had Microsoft farming out Department of Defense cloud storage contracts to Chinese engineers. “If you’re thinking ‘America first,’ and common sense, this doesn’t pass either of those tests,” he said. Commenting on the project a few weeks later, Senator Tom Cotton and Representative Elise Stefanik wrote: “Microsoft’s role as a trusted contractor for our federal government means this is not a routine cyber vulnerability, but a direct threat to our national security.” It seems the techlash is coming for Microsoft – and not a moment too soon.
While other tech giants were selling data, Microsoft has been building a monopoly on federal tech contracts
Chinese outsourcing is just the tip of the iceberg. While other tech giants have been publicly censoring your thoughts and selling your data, Microsoft has been quietly and diplomatically building a monopoly on federal tech contracts. Anyone who has worked for the government knows they use Windows. And they only use computers that run Windows as their default. Many new hires spend their first week speaking to IT because almost nothing worked. This is what a monopoly feels like – everything is broken and nothing improves. Why doesn’t the government just buy a better product? Indeed, the Government Accountability Office estimated in May that federal agencies could realize significant cost savings – potentially hundreds of millions of dollars annually – by reducing reliance on a single vendor.
The problem is the dependency business model: Microsoft’s productivity software has such an immense footprint that it becomes the default option. The idiosyncrasies of Microsoft products have become the market standard. And when you buy a product like Microsoft Office, it comes bundled with Entra ID (formerly known as Azure Active Directory) or Defender, which installs automatically, or with load-bearing connections to Microsoft’s cloud products.
Since 2019, Microsoft has changed its licensing policies to make running its software on non-Microsoft cloud providers more expensive. As Microsoft services are so pervasive in government IT, this soft pressure tends to create a ratchet effect, favoring Microsoft’s cloud and crowding out other providers that may be more technically advanced.
This makes Microsoft the easy choice to stick with because if you want to change one program, you have to spend the time and money to change them all. But officials are busy, so they won’t. It’s vendor lock-in at the government level, a cyclical dependence between Microsoft’s cloud infrastructure and its dominant software products. The result is a Microsoft monopoly on the United States government’s workflows: the company sells the federal government more than 80 percent of its productivity software.
But is Microsoft a worthy steward of the data that Americans have unwittingly entrusted to it? Cyberattacks have been commonplace. Take the 2020 SolarWinds attack: state-sponsored Russian hackers injected offensive code into Orion IT monitoring software. The attackers then exploited weaknesses in Microsoft’s cloud and authentication services to impersonate legitimate users and escalate their access to files and systems throughout the executive branch. Vital security features were unavailable to most government agencies because access to these features required very expensive subscriptions. With the agencies blind, attackers were able to infiltrate and stay within federal government systems for months, stealing sensitive information.
Then in July this year, Microsoft suffered a major “zero-day” attack on its sharepoint servers. This went unpatched for almost two weeks, leaving hackers free to exfiltrate data, wipe records and steal cryptographic keys to allow reentry into the servers later. Microsoft clearly knew this kind of attack was possible. Weeks earlier, Microsoft security researchers had publicly demonstrated the underlying vulnerability at a hacking conference. But it appears that they didn’t address it. By failing to implement a fix after exposing the flaw publicly, Microsoft may have inadvertently prompted malicious actors to exploit it.
It’s hard to imagine the Trump administration sitting idly by while Facebook or Apple compromised US interests at this scale. Indeed, those companies have been largely beaten by the Republican party. So why does Microsoft get away with it? It’s not like the company’s been donning a MAGA hat for the past decade: the company helped police content during the 2020 election with its Defending Democracy initiative and Election Integrity Partnership. It subsidized Newsguard, a national security-cleared company that flagged “disinformation” (you can imagine what counted) and integrated this censorship into its search engines and web browsers. Microsoft was also instrumental in creating then-president Biden’s failed Disinformation Governance Board. As described by the Foundation for Freedom Online at the time, Microsoft “helped build the censorship industry.”
It appears there is finally a shift underway, as it dawns on the Trump administration that the government’s attachment to Microsoft could become a national security threat. The Federal Trade Commission’s Chairman Andrew Ferguson is investigating Microsoft’s anticompetitive practices. On the regulatory side, the administration should consider mandating pricing parity for Microsoft software products across cloud providers and permitting customers to bring previously purchased software to the cloud provider of their choice. The government has options, including basic incentives: it can reward agencies that find creative ways to diversify their tech purchases without jeopardizing security and compatibility. In other words, give Microsoft some real competitors. This administration is usually not afraid to take on the tech giants. But of all fights to pick in the tech world, one with Microsoft is most important. If the US lets the AI revolution bind it even further to the Microsoft suite, it may become an impossible tie to break.
This article was originally published in The Spectator’s October 27, 2025 World edition.
Leave a Reply