Date: 2024-05-17

The Pentagon is looking at expanding its use of Microsoft software across all components starting next month, according to a draft memo obtained by Axios.

Why it matters: The tech upgrade is spurring concerns among competitor cybersecurity and software vendors interested in coveted defense contracts.

Zoom in: The Pentagon is pushing all department components to start upgrading to Microsoft's E5 licenses by June 3 to support its ongoing zero trust transition, according to the memo.

The E5 license gives organizations access to Microsoft 365 Defender and other tools that help with insider risk management, identity protection and more.

If the memo is published as-is, Department of Defense offices would have until June 2025 to complete the transition and install these new tools.

Catch up quick: The Pentagon has been working since 2022 to implement a new zero trust security strategy — which overhauls which employees have access to certain files and requires tougher identity verification tools — by the 2027 fiscal year.

Pentagon CIO John Sherman told DefenseScoop last week that the department has held "very candid discussions" with Microsoft about its cybersecurity strategies after a data breach last year.

What they're saying: Timothy Gorman, a Pentagon spokesperson, told Axios that the Microsoft E5 upgrades are just "one solution in addition to many other integrated solutions" that DOD is implementing as part of the strategy.

"There is a draft internal memo in coordination to clearly communicate our leadership's intent," he added.

David McKeown, DOD's deputy CIO for cybersecurity, mentioned the planned upgrades during remarks at the RSA Conference's public-sector day last week, Gorman said.

A Microsoft spokesperson said in a statement that its zero-trust platform "emphasizes proactive, integrated, and automated security measures," and it has capabilities for DOD's zero-trust plans.

The big picture: Ever since Microsoft uncovered a Chinese hack of some government officials' email inboxes last summer, tensions between parts of Washington and the tech giant have been high.

A government advisory board released a report last month saying the attack was "preventable and should never have occurred."

An aide for the House Homeland Security Committee told Axios on Wednesday that they're working with Microsoft to find a date for a potential hearing on the company's cybersecurity approach.

Microsoft has also overhauled its internal cybersecurity strategies in response to the incident.

Yes, but: Industry groups are concerned that the Pentagon will open itself up to increased security flaws if it deepens its relationship with Microsoft.

"It is concerning for any department to further entrench itself into Microsoft's ecosystem before the company has demonstrated that it has satisfied the recommendations of the [Cyber Safety Review Board] report," Ryan Triplette, executive director of the Coalition for Fair Software Licensing, told Axios.

Triplette added that the E5 licenses come at a "significantly increased cost" and could limit other vendors' ability to compete for contracts or assist in any government security incidents.

The bottom line: Microsoft was already working with the department to help with the zero-trust transition, and typically draft guidance like this wouldn't receive as much scrutiny.