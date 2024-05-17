Skip to main content
May 17, 2024 - Technology

Pentagon weighs Microsoft licensing upgrades

Illustration of the Microsoft logo wearing a soldier's helmet.  

Illustration: Aïda Amer/Axios

The Pentagon is looking at expanding its use of Microsoft software across all components starting next month, according to a draft memo obtained by Axios.

Why it matters: The tech upgrade is spurring concerns among competitor cybersecurity and software vendors interested in coveted defense contracts.

Zoom in: The Pentagon is pushing all department components to start upgrading to Microsoft's E5 licenses by June 3 to support its ongoing zero trust transition, according to the memo.

  • The E5 license gives organizations access to Microsoft 365 Defender and other tools that help with insider risk management, identity protection and more.
  • If the memo is published as-is, Department of Defense offices would have until June 2025 to complete the transition and install these new tools.

Catch up quick: The Pentagon has been working since 2022 to implement a new zero trust security strategy — which overhauls which employees have access to certain files and requires tougher identity verification tools — by the 2027 fiscal year.

  • Pentagon CIO John Sherman told DefenseScoop last week that the department has held "very candid discussions" with Microsoft about its cybersecurity strategies after a data breach last year.

What they're saying: Timothy Gorman, a Pentagon spokesperson, told Axios that the Microsoft E5 upgrades are just "one solution in addition to many other integrated solutions" that DOD is implementing as part of the strategy.

  • "There is a draft internal memo in coordination to clearly communicate our leadership's intent," he added.
  • David McKeown, DOD's deputy CIO for cybersecurity, mentioned the planned upgrades during remarks at the RSA Conference's public-sector day last week, Gorman said.
  • A Microsoft spokesperson said in a statement that its zero-trust platform "emphasizes proactive, integrated, and automated security measures," and it has capabilities for DOD's zero-trust plans.

The big picture: Ever since Microsoft uncovered a Chinese hack of some government officials' email inboxes last summer, tensions between parts of Washington and the tech giant have been high.

  • A government advisory board released a report last month saying the attack was "preventable and should never have occurred."
  • An aide for the House Homeland Security Committee told Axios on Wednesday that they're working with Microsoft to find a date for a potential hearing on the company's cybersecurity approach.
  • Microsoft has also overhauled its internal cybersecurity strategies in response to the incident.

Yes, but: Industry groups are concerned that the Pentagon will open itself up to increased security flaws if it deepens its relationship with Microsoft.

  • "It is concerning for any department to further entrench itself into Microsoft's ecosystem before the company has demonstrated that it has satisfied the recommendations of the [Cyber Safety Review Board] report," Ryan Triplette, executive director of the Coalition for Fair Software Licensing, told Axios.
  • Triplette added that the E5 licenses come at a "significantly increased cost" and could limit other vendors' ability to compete for contracts or assist in any government security incidents.

The bottom line: Microsoft was already working with the department to help with the zero-trust transition, and typically draft guidance like this wouldn't receive as much scrutiny.

  • But the proposed guidance comes as competitors and officials are hawkishly watching Microsoft's every move due to the high-profile attacks.
