The Federal Trade Commission (FTC) has launched an investigation into Microsoft's cybersecurity dealings with federal government agencies, examining potential antitrust violations in how the tech giant secured these contracts.
The probe centers on Microsoft's response to the 2020 SolarWinds cyberattack, when the company offered to help government departments upgrade their security infrastructure using Microsoft products. While these upgrades started as free trials, they later transitioned into expensive subscription fees once agencies had become reliant on the systems.
The FTC has now subpoenaed Microsoft for information about these arrangements, which critics say unfairly locked government customers into the company's ecosystem while blocking competition from rivals like Google and Amazon.
A key focus of the investigation is Microsoft's cloud platform Azure. According to reports, government divisions that adopted Microsoft's security products eventually purchased additional Azure-based services, raising questions about the company's sales tactics. One former Microsoft employee likened the strategy to creating customer dependency.
The investigation also scrutinizes how Microsoft may have circumvented standard government contract bidding processes. Instead of allowing competitive bids from multiple vendors, the company allegedly leveraged the SolarWinds crisis to directly place its products across federal agencies.
Critics argue this approach has made government systems overly dependent on a single vendor, potentially increasing rather than decreasing security risks. They point out that a more diverse set of security solutions from multiple providers could offer better protection against cyber threats.
The timing of Microsoft's security offering has also raised eyebrows. The SolarWinds breach itself exploited a vulnerability in Microsoft's software - a flaw the company had reportedly been warned about years before the attack.
While Microsoft maintains its free trial period was simply a "100 percent discount" on existing contracts, investigators are examining whether these arrangements constituted illegal gratuities under federal law.
The investigation's future remains uncertain as it continues under a new administration, but its outcome could reshape how tech companies engage in cybersecurity contracts with federal agencies.