Microsoft Moves Former DOJ Officials Into Key Roles
Washington DC, USAMon Mar 23 2026
In 2020, a cloud service called GCC High was introduced into the Department of Justice after a review by external auditors and an internal audit. The product, owned by Microsoft, soon became part of the federal government’s cloud marketplace, giving the company a prominent spot and free publicity. However, questions arose about its security and the independence of the reviewers who cleared it.
A former DOJ executive named Rogers later joined Microsoft’s enterprise cloud team, while another former official, Monaco, became the company’s global affairs president. During Rogers’ time at the DOJ, she supported the deployment of GCC High and even defended it in meetings with auditors. Many former federal employees say she pushed the department to approve the service quickly, raising concerns about impartiality.
Auditors repeatedly complained that Microsoft had not shared enough information on its security practices and that the initial assessment firms were paid by Microsoft, creating a conflict of interest. They also warned that the cloud network might be too exposed to insecure connections, making it vulnerable to breaches. In 2023, evidence surfaced that Chinese hackers had accessed the system and stolen sensitive emails from high‑ranking officials. The auditors then threatened to halt the approval process unless Microsoft started over, a move that could have cost the company billions.
Despite these objections, a new review in 2024 ultimately cleared GCC High for use. The decision noted that not approving the service would disrupt several agencies already relying on it. Microsoft stated that Rogers’ new role had no influence over the approval and that all legal and ethical rules were followed. Monaco’s involvement was less direct; she had announced plans to use the False Claims Act against contractors that failed cybersecurity standards, but no evidence linked her to GCC High’s review.
Critics argue that the DOJ’s push for GCC High, coupled with Microsoft’s ties to China through research labs and partnerships, should have triggered stricter scrutiny. They point out that the DOJ’s own cybersecurity rules require U. S. personnel for sensitive IT work, a standard that seemed ignored in the GCC High case.
