Microsoft’s Use of Chinese Tech Support Sparks Fears Over U.S. Government Data Exposure.

TL;DR Executive Brief

At the heart of Microsoft’s controversial arrangement is a system that was designed as a compromise between security requirements and corporate efficiency. For nearly ten years, the tech giant has used what it calls “digital escorts”—U.S. citizens with security clearances who serve as intermediaries between foreign engineers and sensitive government systems.

The system works by having Chinese engineers provide technical instructions to these American escorts, who then execute commands on federal networks without necessarily understanding the full implications of what they’re doing. These workers, known as “digital escorts,” often lack the technical expertise to police foreign engineers with far more advanced skills, ProPublica found. Some are former military personnel with little coding experience who are paid barely more than minimum wage for the work.

The arrangement was conceived in the early 2010s when Microsoft sought to win lucrative federal cloud computing contracts while maintaining its global workforce structure. Microsoft developed the escort arrangement to satisfy Defense Department officials who were concerned about the company’s foreign employees, given the department’s citizenship requirements for people handling sensitive data.

Indy Crowley, a senior Microsoft program manager dubbed the “FedRAMP whisperer” for his familiarity with government regulations, played a key role in developing the concept. He told ProPublica that hiring virtual escorts emerged as “the path of least resistance” when Defense Department officials raised concerns about Microsoft’s global workforce potentially handling sensitive data.

While initial reports focused on Microsoft’s use of Chinese support for Defense Department systems, subsequent investigations revealed the practice extends far beyond military applications. The company has used its global workforce, including China-based personnel, to maintain cloud systems for multiple federal departments and agencies.

For years, Microsoft has also used its global workforce, including China-based personnel, to maintain the cloud systems of other federal departments, including parts of Justice, Treasury and Commerce, ProPublica has found.

The work has taken place within what’s known as the Government Community Cloud (GCC), a platform designed for information that isn’t classified but is nonetheless sensitive. According to government standards, this includes data where “the loss of confidentiality, integrity, and availability would result in serious adverse effect on an agency’s operations, assets, or individuals.”

Specific examples of GCC usage include:

• The Justice Department’s Antitrust Division using the platform for criminal and civil investigation and litigation functions
• Parts of the Environmental Protection Agency utilizing GCC services
• The Department of Education maintaining systems on the platform

This broader scope of foreign access has alarmed cybersecurity experts who warn that even unclassified government data can provide valuable intelligence to foreign adversaries.

One of the most concerning aspects of the digital escort system is the significant disparity in technical expertise between the American escorts and the Chinese engineers they’re supposed to supervise. This skills gap creates a fundamental vulnerability that experts say undermines the entire security premise of the arrangement.

“We’re trusting that what they’re doing isn’t malicious, but we really can’t tell,” said one current escort who agreed to speak on condition of anonymity, fearing professional repercussions.

The problem is structural and intentional. Microsoft has acknowledged that escorts are primarily there to ensure compliance with data handling procedures rather than to provide technical oversight. Matthew Erickson, a former Microsoft engineer who worked on the escort system, explained that “If someone ran a script called ‘fix_servers.sh’ but it actually did something malicious then [escorts] would have no idea.”

The recruitment of escorts reflects these limited expectations. A Microsoft contractor posted an advertisement in January 2025 seeking an escort for $18 per hour, with the primary requirement being a Defense Department security clearance rather than technical expertise.

“People are getting these jobs because they are (security) cleared, not because they’re good engineers,” said the escort who agreed to speak anonymously and who works for Insight Global.

This arrangement means that each month, Microsoft’s escort team fields hundreds of interactions with China-based engineers and developers, essentially serving as conduits for foreign technical instructions into federal networks without meaningful oversight capability.

The vulnerabilities inherent in Microsoft’s approach became starkly apparent in July 2025 when Chinese state-sponsored hackers exploited vulnerabilities in SharePoint, Microsoft’s widely used collaboration software. The attack compromised hundreds of companies and government agencies, including the National Nuclear Security Administration (NNSA)and the Department of Homeland Security (DHS).

What made this incident particularly troubling was ProPublica’s subsequent discovery that support for SharePoint is handled by a China-based engineering team that has been responsible for maintaining the software for years.

The timeline of the SharePoint attack reveals the complexity of the security challenges:

• Chinese hackers began exploiting SharePoint weaknesses as early as July 7, 2025
• Microsoft released a patch on July 8, but hackers bypassed it
• The company subsequently issued a new patch with “more robust protections”
• The vulnerabilities enabled hackers to “fully access SharePoint content, including file systems and internal configurations, and execute code over the network”

While there’s no evidence that Microsoft’s China-based SharePoint team played a role in the attack, the coincidence highlighted the potential risks of having Chinese personnel maintaining software that American adversaries were simultaneously attacking.

National security and cybersecurity experts have expressed alarm at the revelations, with many surprised that such arrangements existed at all. Harry Coker, a former senior executive at the CIA and National Security Agency who also served as national cyber director during the Biden administration, told ProPublica that the digital escort system presents an obvious opportunity for espionage.

“If I were an operative, I would look at that as an avenue for extremely valuable access. We need to be very concerned about that,” said Harry Coker, who was a senior executive at the CIA and the National Security Agency.

The concerns are grounded in both the technical realities of the arrangement and the legal framework governing data collection in China. Jeremy Daum, a senior research fellow at the Paul Tsai China Center at Yale Law School, explained that Chinese laws allow government officials to collect data “as long as they’re doing something that they’ve deemed legitimate.” He noted that it would be “difficult for any Chinese citizen or company to meaningfully resist a direct request from security forces or law enforcement.”

Rex Booth, a former federal cybersecurity official who now serves as chief information security officer of SailPoint, emphasized that the risks extend beyond traditional classified information concerns:

“With so much data stored in cloud services — and the power of AI to analyze it quickly — even unclassified data can reveal insights that could harm U.S. interests.”

Harry Coker, Former Senior Executive at CIA and NSA

The revelations have triggered swift responses from both Congress and the executive branch. Defense Secretary Pete Hegseth launched an immediate review of the practices, stating on social media that

“Foreign engineers — from any country, including of course China — should NEVER be allowed to maintain or access DoD systems.”

Bipartisan Congressional concern has emerged, with Senators Tom Cotton (R-Arkansas) and Jeanne Shaheen (D-New Hampshire) writing letters to Secretary Hegseth demanding more information about Microsoft’s China-based support arrangements. The Congressional interest reflects growing awareness of China as a cyber threat and broader concerns about technological dependencies on foreign nations.

John Sherman, who served as chief information officer for the Department of Defense during the Biden administration, expressed surprise at the findings and called for a “thorough review by DISA, Cyber Command and other stakeholders that are involved in this.”

Defense Secretary Pete Hegseth Says No Foreign Technical Support at DoD

Faced with the public revelation of its practices, Microsoft moved quickly to address immediate concerns while defending its overall approach. The company announced that it would no longer use China-based engineering teams to support Defense Department cloud computing systems and suggested similar changes might be coming for other government customers.

In a statement, Microsoft said: “Microsoft took steps last week to enhance the security of our DoD Government cloud offerings. Going forward, we are taking similar steps for all our government customers who use Government Community Cloud (GCC) to further ensure the security of their data.”

However, the company’s response raised as many questions as it answered. Microsoft declined to specify what would replace its Chinese support teams, whether digital escorts would continue to be used, or whether support would come from engineers based in other foreign countries. The company also said it would “conduct a review to assess whether additional measures are needed” over the following month.

Robert E. LaMear IV, the founder of US Cloud offered this solution. US Cloud is the leading third-party support provider for Microsoft enterprise software.

“Microsoft should replace its Chinese support teams with US Cloud. We’d be willing to aggressively work to meet agency clearance requirements –we were built from the ground up to meet Federal data sovereignty and citizenship requirements. Or the agencies can contract with us directly.”

Regarding the SharePoint team specifically, Microsoft acknowledged the China-based engineering team but emphasized that it “is supervised by a US-based engineer and subject to all security requirements and manager code review. Work is already underway to shift this work to another location.”

The digital escort revelations fit into a broader pattern of Microsoft security issues that have concerned government officials and cybersecurity experts. ProPublica noted that Microsoft has “repeatedly prioritized corporate profit over customer security,” including a previous incident where the company ignored engineer warnings about a product flaw that Russian state-sponsored hackers later exploited in one of the largest cyberattacks in history.

As a harbinger of Microsoft Gov support being outsourced to China, a year earlier the DoD’s Acquisition Program Manager, Prescott Paulin, posted this video on LinkedIn in 2024 showing Microsoft referring him to a Chinese call center when he had problems accessing his “defense-related accounts after hours.” Microsoft incident support tracking ID: 2407040040000430.

The escort system itself emerged during a period when Microsoft was aggressively pursuing federal cloud contracts, with colleagues dubbing one key architect the “FedRAMP whisperer” for his ability to navigate government security requirements. The arrangement allowed Microsoft to maintain its cost-effective global workforce structure while satisfying surface-level compliance with federal security requirements.

Prescott Paulin, DoD Acquistion Program Manager, 2024 Microsoft Support Outsourced to China Video

ProPublica’s investigation revealed that concerns about the digital escort system existed within Microsoft and among its contractors from the beginning. Various people involved in the work, including a Microsoft cybersecurity leader, warned the company that the arrangement was inherently risky, but Microsoft “launched and expanded it anyway.”

One particularly notable case involved Tom Schiller, a former Insight Global contractor who contacted a Defense Department hotline and wrote to several federal lawmakers in 2024 to warn about digital escorting. His complaints eventually reached the Defense Information Systems Agency Office of the Inspector General, which conducted interviews but ultimately referred the matter back to DISA management rather than pursuing an investigation.

Current escorts have also raised concerns. One Insight Global employee told ProPublica they had “repeatedly raised concerns about the knowledge gap to Microsoft, over several years and as recently as April, and to Insight Global’s own attorneys.” The escort said they were particularly worried about Chinese laws granting broad data collection authority and the exposure this created for U.S. government networks.

The Microsoft revelations have broader implications for how the federal government approaches cloud computing and IT modernization. The incident highlights fundamental tensions between cost efficiency, technical expertise, and security requirements that have shaped government technology adoption for the past decade.

The federal government’s embrace of cloud computing was driven largely by promises of cost savings, improved efficiency, and access to cutting-edge technology. However, the Microsoft case demonstrates how these benefits can come with hidden security costs that aren’t immediately apparent to government buyers or oversight agencies.

The situation also raises questions about the adequacy of current government oversight mechanisms. Despite the escort system being in place for nearly a decade, it appears that even senior Defense Department officials were unaware of its existence. This suggests significant gaps in how government agencies understand and monitor their technology vendors’ practices.

As the government grapples with the implications of the Microsoft support revelations, fundamental questions remain about how to balance security requirements with the practical realities of operating in a global technology marketplace. The digital escort system represented one attempt to thread this needle, but its apparent failure suggests that more robust approaches may be necessary.

The incident may accelerate broader government efforts to reduce dependence on foreign personnel for critical technology functions, but this transition will likely come with significant costs and technical challenges. Building sufficient domestic technical capacity to handle complex government IT requirements represents a major undertaking that will require sustained investment and policy attention.

The Microsoft case also highlights the importance of transparency in government technology contracts. The fact that such a significant security arrangement operated for nearly a decade without public awareness suggests that current disclosure requirements may be inadequate for the complex realities of modern technology services.

Microsoft’s use of Chinese engineers to support U.S. government systems represents a case study in the unintended consequences of prioritizing efficiency over security in critical technology infrastructure. While the company’s digital escort system may have satisfied the letter of federal security requirements, it appears to have violated their spirit by creating vulnerabilities that sophisticated adversaries could potentially exploit.

The swift response from Microsoft, Congress, and the executive branch suggests recognition that the current arrangement is untenable given evolving geopolitical realities and cyber threats. However, the challenge of replacing these systems while maintaining government IT capabilities will require careful planning and significant resources.

As the United States continues to compete with China in technology and cyber capabilities, the Microsoft support revelations serve as a stark reminder that security cannot be treated as an afterthought in the design of critical systems. The cost of getting cybersecurity wrong—whether measured in compromised data, damaged national security, or lost public trust—far exceeds the short-term savings that might come from cutting corners on supply chain security requirements.

The ultimate resolution of this situation will likely set important precedents for how the government approaches technology vendor oversight and security requirements in an increasingly complex global marketplace. The stakes could not be higher, as the integrity of America’s digital infrastructure depends on getting these decisions right.