The Federal Trade Commission is investigating Microsoft in a wide-ranging probe that will examine whether the company’s business practices have run afoul of antitrust laws, according to people familiar with the matter. In recent weeks, FTC attorneys have been conducting interviews and setting up meetings with Microsoft competitors.
One key area of interest is how the world’s largest software provider packages popular Office products together with cybersecurity and cloud computing services, said one of the people, who asked not to be named discussing a confidential matter.
This so-called bundling was the subject of a recent ProPublica investigation, which detailed how, beginning in 2021, Microsoft used the practice to vastly expand its business with the U.S. government while boxing competitors out of lucrative federal contracts.
At the time, many federal employees used a software license that included the Windows operating system and products like Word, Outlook and Excel. In the wake of several devastating cyberattacks, Microsoft offered to upgrade those license bundles for free for a limited time, giving the government access to its more advanced cybersecurity products. The company also provided consultants to install the upgrades.
Vast swaths of the federal bureaucracy accepted, including all of the military services in the Defense Department — and then began paying for those enhanced services when the free trial ended. Former sales leaders involved in the effort likened it to a drug dealer hooking a user with free samples, as they knew federal customers would be effectively locked into the upgrades once they were installed. Microsoft’s offer not only displaced some existing cybersecurity vendors but also took market share from cloud providers like Amazon Web Services, as the government began using products that ran on Azure, Microsoft’s own cloud platform.
Some experts told ProPublica that the company’s tactics might have violated laws regulating contracting and competition, and the news organization reported that even some of Microsoft’s own attorneys had antitrust worries about the deals.
Microsoft has said its offer was “structured to avoid antitrust concerns.” The company’s “sole goal during this period was to support an urgent request by the Administration to enhance the security posture of federal agencies who were continuously being targeted by sophisticated nation-state threat actors,” Steve Faehl, the security leader for Microsoft’s federal business, told ProPublica.
Some of those incursions were the result of Microsoft’s own security lapses. As ProPublica reported in June, Russian state-sponsored hackers in the so-called SolarWinds attack exploited a weakness in a Microsoft product to steal sensitive data from the National Nuclear Security Administration and the National Institutes of Health, among other victims. Years before the attack was discovered, a Microsoft engineer warned product leaders about the flaw, but they refused to address it for fear of alienating the federal government and losing ground to competitors, ProPublica reported.
While the engineer’s proposed fix would have kept customers safe, it also would have created a “speed bump” for users logging on to their devices. Adding such “friction” was unacceptable to the managers of the product group, which at the time was in a fierce rivalry with competitors in the market for so-called identity tools, the news organization reported. These tools, which ensure that users have permission to log on to cloud-based programs, are important to Microsoft’s business strategy because they often lead to demand for the company’s other cloud services.
According to a person familiar with the FTC’s probe, one such identity product, Entra ID, formerly known as Azure Active Directory, is another focus of the agency’s investigation.
Microsoft has defended its decision against addressing the SolarWinds-related flaw, telling ProPublica in June that the company’s assessment included “multiple reviews” at the time and that its response to security issues is based on “potential customer disruption, exploitability, and available mitigations.” It has pledged to put security “above all else.”
The FTC views the fact that Microsoft has won more federal business even as it left the government vulnerable to hacks as an example of the company’s problematic power over the market, a person familiar with the probe told the news organization.
The commission is not alone in that view. “These guys are sort of a version of ‘too big to fail,’” said Sen. Ron Wyden, an Oregon Democrat who chairs the Senate Finance Committee and a longtime critic of Microsoft. “I think it’s time to amp up the antitrust side of the house, dealing with antitrust abuses.”
The FTC’s investigation of Microsoft, which was first reported by the Financial Times and Bloomberg, is far from the company’s first brush with federal regulators over antitrust issues. More than two decades ago, the Department of Justice sued the company in a landmark antitrust case that nearly resulted in its breakup. Federal prosecutors alleged that Microsoft maintained an illegal monopoly in the operating system market through anticompetitive behaviors that prevented rivals from getting a foothold. Ultimately, the Justice Department settled with Microsoft, and a federal judge approved a consent decree that imposed restrictions on how the company could develop and license software.
John Lopatka, a former consultant to the FTC who now teaches antitrust law at Penn State, told ProPublica that the Microsoft actions detailed in the news organization’s recent reporting followed “a very familiar pattern” of behavior.
“It does echo the Microsoft case” from decades ago, said Lopatka, who co-authored a book on that case.
In the new investigation, the FTC has sent Microsoft a civil investigative demand, the agency’s version of a subpoena, compelling the company to turn over information, people familiar with the probe said. Microsoft confirmed that it received the document.
Company spokesperson David Cuddy did not comment on the specifics of the investigation but said the FTC’s demand is “broad, wide ranging, and requests things that are out of the realm of possibility to even be logical.” He declined to provide on-the-record examples. The FTC declined to comment.
The agency’s investigation follows a public comment period in 2023 during which it sought information on the business practices of cloud computing providers. When that concluded, the FTC said it had ongoing interest in whether “certain business practices are inhibiting competition.”
The recent demand to Microsoft represents one of FTC Commissioner Lina Khan’s final moves as chair, and the probe appears to be picking up steam as the Biden administration winds down. The commission’s new leadership, however, will decide the future of the investigation.
President-elect Donald Trump said this month that he will elevate Commissioner Andrew Ferguson, a Republican attorney, to lead the agency. Following the announcement, Ferguson said in a post on X, “At the FTC, we will end Big Tech’s vendetta against competition and free speech. We will make sure that America is the world’s technological leader and the best place for innovators to bring new ideas to life.”
Trump also said he would nominate Republican lawyer Mark Meador as a commissioner, describing him as an “antitrust enforcer” who previously worked at the FTC and the Justice Department. Meador is also a former aide to Sen. Mike Lee, a Utah Republican who introduced legislation to break up Google.
Doris Burke contributed research.