Microsoft rewarded for security failures with another US government contract
(2025/09/02)
- Reference: 1756832806
- News link: https://www.theregister.co.uk/2025/09/02/microsoft_rewarded_for_security_failures/
Microsoft, the latest tech firm to agree to big software discounts for the US government, is digging even deeper into its bargain bin than the competition by offering a year of free Copilot access to government agencies willing to put up with its other problem products.
The General Services Administration (GSA) [1]announced its new deal with Microsoft on Tuesday, describing it as a "strategic partnership" that could save the federal government as much as $3.1 billion over the next year. The GSA didn't mention specific discount terms, but it said that services, including Microsoft 365, Azure cloud services, Dynamics 365, Entra ID Governance, and Microsoft Sentinel, will be cheaper than ever for feds.
That, and Microsoft's [2]next-gen Clippy, also known as Copilot, is free to access for any agency with a [3]G5 contract as part of the new deal, too. That free price undercuts Google's previously [4]cheapest-in-show deal to inject Gemini into government agencies for just $0.47 for a year.
The GSA made this Microsoft deal as part of its [6]OneGov initiative, which seeks to centralize purchasing of products and services used across the government under a single contract. While the agency intends for OneGov to extend across the federal government, the first phase of the program focuses exclusively on IT contracts.
Though it only announced OneGov in April, the GSA has awarded contracts under the plan at a rapid pace, with Oracle the first firm to sign a deal in July. That agreement includes a [9]75 percent discount on its products to government agencies.
The agency wrote many of the other OneGov contracts to get AI products into the hands of government agencies. [10]OpenAI and [11]Anthropic both made deals with the GSA in August to provide a year of their services to agencies for $1 each, which Google undercut later last month.
Even [13]Box made an AI discount deal with the federal government, though it didn't disclose pricing. Outside of AI offerings, Amazon Web Services inked its own OneGov deal with the GSA to offer [14]discounted cloud services through 2028.
With the exception of AWS, all the other OneGov deals that have been announced so far have a very short shelf life, with most expirations at the end of 2026. Critics of the OneGov program have raised concerns that OneGov deals have set government agencies up for a new era of vendor lock-in not seen since the early cloud days, where one-year discounts leave agencies dependent on services that could suddenly become considerably more expensive by the end of next year.
Nicholas Chaillan, former US Air Force and Space Force chief software officer and founder of AI firm Ask Sage, told The Register in a recent conversation that he's protested the OpenAI, Anthropic, and Google deals, accusing the GSA of undermining its own rules on fair and open competition for government-wide contracts.
"Pricing this low is not about serving agencies – it's about forcing dependence on a single vendor, hiding future costs, and squeezing out fair competition," Chaillan told us in an email. "What looks cheap today will leave the government with higher costs, fewer options, and greater risk tomorrow."
Chaillan told us that GSA hasn't made the OneGov contracts public so they could be scrutinized for any unfair elements. We've tried obtaining copies but the GSA hasn't acknowledged those requests. As with the other OneGov contracts, what happens to the discounts after the September 2026 end of the offering isn't clear.
The GSA's press release mentioned that discounted pricing will be available for "certain products" for up to 36 months, but the terms of those discounts or the specific products available weren't mentioned. Microsoft's [16]announcement of its new OneGov deal said those extended discounts will save the government as much as $6 billion over three years.
The GSA didn't respond to questions for this story.
Microsoft gets rewarded for security failures – again
Like other tech giants making OneGov deals, Microsoft will likely have to burn some capital to reap the monetary rewards from government agencies who grow dependent on its cheap or free software in the next year. Unlike those other tech giants making OneGov deals, however, Microsoft is yet again being rewarded by the US government with a pathway to profit after making a massive national security mistake.
It was mere days ago that we reported on the Pentagon's decision to [17]formally bar Microsoft from using [18]China-based engineers to support sensitive cloud services deployed by the Defense Department, a practice Defense Secretary Pete Hegseth called "mind-blowing" in a statement last week.
Then there were last year's episodes that allowed [19]Chinese and [20]Russian cyber spies to break into Exchange accounts used by high-level federal officials and steal a whole bunch of emails and other information. That incident, and plenty more before it, led former senior White House cyber policy director AJ Grotto to conclude that Microsoft was an honest-to-goodness [21]national security threat. None of that has mattered much, as the feds seem content to continue paying Microsoft for its services, despite wagging their finger at Redmond for "[22]avoidable errors."
[23]Pentagon 'doubling down' on Microsoft despite 'massive hack,' senators complain
[24]Microsoft eggheads say AI can never be made secure – after testing Redmond's own products
[25]Microsoft answered Congress' questions on security. Now the White House needs to act
[26]Google takes shots at Microsoft for shoddy security record with enterprise apps
When it comes to government customers, using China-based support staff isn't Microsoft's only sin. The company had a [27]Sharepoint zero-day that it only "partially" addressed with July security updates. Suspected state-backed hackers used that vuln to target an unspecified "major western government," per the company.
That, senior cybersecurity and counterterrorism advisor for the Clinton and Bush II administrations Roger Cressey [28]told us last month, is among the reasons he considers Microsoft to be a continual gift to America's foreign adversaries, as the Sharepoint issue is just "the latest episode of a decades-long process of Microsoft not taking security seriously."
"The Chinese are so well prepared and positioned on Microsoft products that in the event of hostilities, we know for a fact that Chinese actors will target our critical infrastructure through Microsoft," Cressey told us in an interview last month.
When asked what it had done to improve its security posture, Microsoft declined to answer any of our questions directly, instead pointing us to its press release about today's GSA deal, specifically its section on security.
Agencies are safe to adopt Microsoft software, the company said, because "these services have already achieved key FedRAMP security and compliance authorizations." FedRAMP is the government's security approval process for cloud software.
"Microsoft 365, Azure and our key AI services are authorized at FedRAMP High," the company statement says. "Microsoft 365 Copilot received provisional authorization from the US Department of Defense, with FedRAMP High expected soon."
That's not exactly reassuring considering Microsoft's products have [29]variously been [30]authorized for government use [31]for [32]years, well before many of its recent security failings that affected federal agencies. ®
[1] https://www.gsa.gov/about-us/newsroom/news-releases/multibillion-dollar-gsa-onegov-agreement-with-microsoft-brings-steep-discounts-09022025
[2] https://www.theregister.com/2025/04/18/microsoft_copilot_not_wanted/
[3] https://www.microsoft.com/en-us/microsoft-365/enterprise/government-plans-and-pricing
[4] https://www.theregister.com/2025/08/21/google_govt_discount_ai/
[6] https://www.gsa.gov/about-us/newsroom/news-releases/gsa-unveils-onegov-strategy-04292025
[9] https://www.theregister.com/2025/07/08/gsa_oracle_deal/
[10] https://www.theregister.com/2025/08/06/google_openai_anthropic_us_gov_ai_deal/
[11] https://www.theregister.com/2025/08/12/gsa_inks_another_1dollar_onegov_deal/
[13] https://www.theregister.com/2025/08/13/boxs_ai_agent_us_gov/
[14] https://www.theregister.com/2025/08/07/gsa_signs_1b_deal_with_aws/
[16] https://blogs.microsoft.com/blog/2025/09/02/accelerating-ai-adoption-for-the-us-government/
[17] https://www.theregister.com/2025/08/29/pentagon_ends_microsofts_use_of/
[18] https://www.theregister.com/2025/07/28/microsoft_china_staffers_us_govt_cloud/
[19] https://www.theregister.com/2024/04/03/cisa_microsoft_exchange_online_china_report/
[20] https://www.theregister.com/2024/04/12/microsoft_cisa_order/
[21] https://www.theregister.com/2024/04/21/microsoft_national_security_risk/
[22] https://www.theregister.com/2024/04/05/microsoft_government_contracts/
[23] https://www.theregister.com/2024/06/04/pentagon_doubling_down_on_microsoft/
[24] https://www.theregister.com/2025/01/17/microsoft_ai_redteam_infosec_warning/
[25] https://www.theregister.com/2024/06/15/microsoft_brad_smith_congress/
[26] https://www.theregister.com/2024/05/20/google_takes_shots_at_microsoft/
[27] https://www.theregister.com/2025/07/21/massive_security_snafu_microsoft/
[28] https://www.theregister.com/2025/08/08/exwhite_house_cyber_and_counterterrorism/
[29] https://marketplace.fedramp.gov/products/MSO365MT
[30] https://marketplace.fedramp.gov/products/FR1824057433
[31] https://marketplace.fedramp.gov/products/F1209051525
[32] https://marketplace.fedramp.gov/products/F1603087869
Ain't corptocracy grand?
ecofeco
You have problem with Corporate Communist Capitalism©®™, comrade?
Bribery and coercion
navarac
It all comes down to Microsoft (*) bribing businesses and governmental agencies to use its bug-ridden, malware infested, data grabbing and poorly tested products.
(*) Other (especially US) Tech Industries are guilty of the same.
AI text spewers are the perfect disinformation devices, and now they are cheaper than ever! Even if collective bargaining is being disappeared, bargains for the collective are still available.