Microsoft\u2019s software licensing playbook is a national security risk | CyberScoop<\/title> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/microsoft-software-licensing-national-security\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Microsoft\u2019s software licensing playbook is a national security risk\"> <meta property=\"og:description\" content=\"The tech giant\u2019s model is built around anticompetitive practices, the head of the Coalition for Fair Software Licensing argues.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/microsoft-software-licensing-national-security\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-07-28T10:00:00+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsofts-software-licensing-playbook-is-a-national-security-risk-2.jpg\"> <meta property=\"og:image:width\" content=\"1024\"> <meta property=\"og:image:height\" content=\"652\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"mbracken\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1752617955g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1752617143g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1753281318g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/85325\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=85325\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-software-licensing-national-security%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-software-licensing-national-security%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-85325 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/microsoft-software-licensing-national-security\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.840787119857\">\n<div class=\"single-article__header-content\" readability=\"34.757575757576\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/microsoft-software-licensing-national-security\/\"> <span>Commentary<\/span> <\/a> <\/li>\n<\/ul>\n<p> The tech giant\u2019s model is built around anticompetitive practices, the head of the Coalition for Fair Software Licensing argues. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/85325\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"408\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsofts-software-licensing-playbook-is-a-national-security-risk.jpg?resize=640%2C408&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsofts-software-licensing-playbook-is-a-national-security-risk-2.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsofts-software-licensing-playbook-is-a-national-security-risk-2.jpg?resize=300,191 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsofts-software-licensing-playbook-is-a-national-security-risk-2.jpg?resize=768,489 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsofts-software-licensing-playbook-is-a-national-security-risk-2.jpg?resize=600,382 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsofts-software-licensing-playbook-is-a-national-security-risk-2.jpg?resize=264,168 264w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsofts-software-licensing-playbook-is-a-national-security-risk-2.jpg?resize=529,337 529w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"><figcaption> A corporate logo for Microsoft hangs above the door to its office building on 8th Avenue on June 24, 2025, in New York City. (Photo by Gary Hershorn\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"46.935576371631\"><body readability=\"94.058754175673\"><\/p>\n<p>News of two major Microsoft security events in as many weeks should concern every federal agency, not just because of the breaches themselves, but because of what they reveal about how the company does business.<\/p>\n<p>First, <a href=\"https:\/\/www.propublica.org\/article\/microsoft-digital-escorts-pentagon-defense-department-china-hackers\">ProPublica uncovered<\/a> that Microsoft allowed Chinese engineers to work on sensitive U.S. military cloud projects under the supervision of underqualified subcontractors. Then came a <a href=\"https:\/\/cyberscoop.com\/microsoft-sharepoint-attacks-400-victims-us-agencies\/\">global cyberattack<\/a> exploiting a critical flaw in Microsoft SharePoint, one still without a known fix, breaching U.S. agencies, universities, and energy firms. <\/p>\n<p>These aren\u2019t isolated incidents. They\u2019re symptoms of a business model built around restrictive and anticompetitive software licensing practices.<\/p>\n<p>Time and again, Microsoft\u2019s security failures turn into federal growth opportunities. After cyberattacks in 2021, <a href=\"https:\/\/www.propublica.org\/article\/microsoft-white-house-offer-cybersecurity-biden-nadella\">Microsoft promised the Biden administration<\/a> $150 million in free cybersecurity upgrades. What wasn\u2019t said upfront? These freebies locked agencies into Microsoft tools, making it costly and complex to switch. Once agencies were locked in, Microsoft raised prices. This wasn\u2019t charity or goodwill on Microsoft\u2019s behalf: It was a calculated move to crowd out competitors, win long-term contracts, and deepen federal dependence on Microsoft\u2019s ecosystem.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Then, in 2023, Chinese hackers known as Storm-0558 <a href=\"https:\/\/cyberscoop.com\/china-hackers-email-us-government\/\">exploited a vulnerability<\/a> in Microsoft\u2019s cloud email service. They breached more than 500 individuals and 22 organizations worldwide, including senior U.S. government officials. A 34-page report by the <a href=\"https:\/\/cyberscoop.com\/microsoft-csrb-china-hacking\/\">Cyber Safety Review Board <\/a>(CSRB) later described Microsoft\u2019s security culture as \u201cinadequate,\u201d warning it \u201crequires an overhaul\u201d given the company\u2019s central role in the tech ecosystem. It said Microsoft\u2019s CEO and board should institute \u201crapid cultural change,\u201d including publicly sharing \u201ca plan with specific timelines to make fundamental, security-focused reforms across the company and its full suite of products.\u201d<\/p>\n<p>The CSRB also criticized Microsoft\u2019s delayed and opaque communications. The company waited until March 2024 to correct a misleading September 2023 blog post about the cause of the breach, after months of questioning from investigators.<\/p>\n<p>Meanwhile, in early 2024, Russian hackers known as Midnight Blizzard infiltrated <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/366572833\/Midnight-Blizzard-accessed-Microsoft-systems-source-code?Offer=ab_ss_reeng_plt_var1\">Microsoft\u2019s corporate systems<\/a>. Initially described as a limited incident, Microsoft later admitted that the breach was far more extensive: The hackers accessed sensitive internal emails, and even Microsoft\u2019s source code. According to the company, Midnight Blizzard may now be using information found in customer emails to <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/10\/29\/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files\/\">pursue further attacks<\/a>.<\/p>\n<p>At a<a href=\"https:\/\/www.techpolicy.press\/transcript-house-of-homeland-security-hearing-on-assessing-microsofts-cybersecurity-shortfalls\/\"> June 2024 House Committee on Homeland Security<\/a> hearing to address the series of cybersecurity incidents, Brad Smith, Microsoft\u2019s vice chair and president, testified that the \u201cbad news for the folks who want to sell plan B\u201d is that public sector clients \u201cdon\u2019t want to switch. They want us to get it right and we have to get it right to deserve their business.\u201d<\/p>\n<p>Smith is half right; customers don\u2019t see a plan B, but that\u2019s because their choice to switch providers has been effectively cut off. At the core of all of this is Microsoft\u2019s software licensing strategy. The company routinely ties its core productivity software to an ever-growing bundle (which at the upper tier includes over 30 products), limits integrations with third-party providers, making it difficult for customers to diversify their system, and restricts how customers can use their previously purchased software on other cloud providers. These practices are not just business tactics that lock-in customers \u2014 they are very real security concerns. Every single customer who received an alert from Microsoft over the weekend regarding the SharePoint hack has had to learn that the hard way. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>In addition to exposing companies to cybersecurity vulnerabilities, these practices also raise significant antitrust concerns \u2014 and are under scrutiny from regulators around the world, including reportedly by the <a href=\"https:\/\/www.nbcnews.com\/business\/business-news\/ftc-opens-broad-antitrust-investigation-microsoft-rcna182098\">Federal Trade Commission<\/a>. <\/p>\n<p>Microsoft\u2019s largest customer \u2014 the U.S. government \u2014 needs to wake up to this threat. When customers license Microsoft software, they aren\u2019t just buying tools \u2014 they\u2019re buying into a system where exit is difficult, choice is limited, and security is too often an exposure.<\/p>\n<p>The question isn\u2019t whether Microsoft will respond to its latest failures. The company\u2019s decades-long playbook \u2014 blaming the government for not doing more, then offering free upgrades post-breach only to raise prices and deepen lock-in \u2014 suggests they will deflect with a \u201cnothing to see here\u201d approach while capitalizing on vulnerabilities. <\/p>\n<p>The real question is whether the government will continue to accept a model that turns licensing restrictions into national dependence and vulnerabilities into profit, and repeatedly exposes our nation\u2019s most critical information to those who wish to harm us.<\/p>\n<p><em>Ryan Triplette is executive director of the Coalition for Fair Software Licensing.<\/em><\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.3191489361702\">\n<div class=\"author-card\" readability=\"8\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsofts-software-licensing-playbook-is-a-national-security-risk-1.jpg?w=640&ssl=1\" alt=\"Ryan Triplette\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Ryan Triplette<\/h4>\n<p> Ryan Triplette is executive director of the Coalition for Fair Software Licensing. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/microsoft-software-licensing-national-security\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft\u2019s software licensing playbook is a national security risk |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[280,625,2968],"tags":[284,630,2970],"class_list":["post-7829","post","type-post","status-publish","format-standard","hentry","category-commentary","category-microsoft","category-software","tag-commentary","tag-microsoft","tag-software"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/commentary\/\" rel=\"category tag\">Commentary<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/software\/\" rel=\"category tag\">software<\/a>","tag_info":"software","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7829","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7829"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7829\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7829"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7829"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7829"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7829,"date":"2025-07-28T05:00:00","date_gmt":"2025-07-28T10:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=85325"},"modified":"2025-07-28T05:00:00","modified_gmt":"2025-07-28T10:00:00","slug":"microsofts-software-licensing-playbook-is-a-national-security-risk","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/07\/28\/microsofts-software-licensing-playbook-is-a-national-security-risk\/","title":{"rendered":"Microsoft\u2019s software licensing playbook is a national security risk"},"content":{"rendered":"