Despite doubts, federal cyber experts approved Microsoft cloud service

3/18/2026 at 2:45:06 PM

> [...]And because federal agencies were allowed to deploy the product during the review, GCC High spread across the government as well as the defense industry. By late 2024, FedRAMP reviewers concluded that they had little choice but to authorize the technology — not because their questions had been answered or their review was complete, but largely on the grounds that Microsoft’s product was already being used across Washington.

This sounds like the crux of the issue. The combination of: "tool can be used during analysis" and "analysis takes long" shifts the barrier of rejection from "is this tool safe?" to "is this tool so unsafe that we're willing to start a fight with a lot of other government agencies to remove it, find an alternative, etc?".

Not criticizing FedRAMP. Proper security review takes time. And probably more when dealing with vendors.

by jbombadil

3/18/2026 at 9:19:06 PM

> Not criticizing FedRAMP

Think it's very important to criticize FedRAMP. The FedRAMP board is extremely slow moving and continuously disregards industry feedback. As a result, FedRAMP is essentially a Palantir tax, where nearly every startup hoping to sell to government (including larger ones like Anthropic, xAI, Cognition AND OpenAI) is forced to pay Palantir to deploy in their FedRAMP enclave. This has a sticker price of 200-500k/y before we get into compute premiums.

Going through FedRAMP yourself requires a staff who is willing to put in a dedicated effort on the compliance paperwork (not the controls, which you could knock out in ~1mo easily, just the paperwork) for 6-8mo before getting into a line to hopefully get a 3PAO audit and then remediations followed by another audit which is followed by needing to get agency sponsorship for a FedRAMP board review. This costs $2-3M minimum including the amount of security software needed for evidencing and policy, which rules out nearly every small business. This process also can easily take 2-3 years of waiting, which forces out enterprise. So anyone entering the ecosystem is essentially forced to pay Palantir (or 2F which is a distant 2nd) a tax that is entirely enforced by government regulation.

They are not any kind of 'Federal Cyber Experts' either as that work is primarily outsourced to Schellman etc.

by cuuupid

3/19/2026 at 4:55:15 AM

> FedRAMP is essentially a Palantir tax, where nearly every startup hoping to sell to government (including larger ones like Anthropic, xAI, Cognition AND OpenAI) is forced to pay Palantir to deploy in their FedRAMP enclave

Having been through FedRAMP twice, I can this is absolute fiction. What does Palantir have to do with anything?

by bigfatkitten

3/19/2026 at 4:35:30 PM

Palantir FedStart is a new program, and a quick look at the FedRAMP marketplace will show you there are literally 0 tech startups listed that are there without jumping on Palantir’s ATO. I find it difficult to believe you have been through FedRAMP twice but would declare something as ‘absolute fiction’ when it can be easily proven

by cuuupid

3/19/2026 at 7:36:24 PM

We obtained an ATO in our own right, which is slow but otherwise really not that hard.

by bigfatkitten

3/19/2026 at 3:16:09 AM

> Going through FedRAMP yourself requires a staff who is willing to put in a dedicated effort on the compliance paperwork

But couldn’t you say the same for CMMC 2.0, NIST 800-171, RMF, JSIG, STIG, etc?

by firesteelrain

3/19/2026 at 4:42:57 PM

I am, CMMC 2.0 requires and is essentially satisfied by FedRAMP Moderate, and NIST 800-171 is a subset of FedRAMP. Notably both CMMC and FedRAMP were met with immense criticism from industry which was mostly ignored.

It would be better to compare this to commercial, like SOC 2, which is achievable even for small startups without much effort and on much more affordable budgets.

Notably SOC 2 full service is $20k including tooling (Vanta + Workstreet + audits), NIST is $20-30k (Vanta + partners), while FedRAMP is $500k-1M (Coalfire) just for implementation before getting into tooling and audits.

by cuuupid

3/18/2026 at 3:08:37 PM

It's why these enterprise vendors want foot in the door at all costs.

They know that if they get entrenched first, it's impossible to migrate away. That's basically free money from a customer that has zero cost ceiling.

by chii

3/18/2026 at 4:01:56 PM

That's false that Government agencies have 0 cost ceiling. Maybe DoD does, but most offices have extremely tight budgets.

by andychase

3/18/2026 at 4:28:40 PM

As far as I know numbers aren't reported, but there's probably at least as many DIB GCC-H customers as government, who in part use it because the government does and it's compliant. Once they're locked in it's very hard to migrate.

by kipchak

3/18/2026 at 10:07:53 PM

I dunno, but for me ensuring security means reducing the number of problematic parts, and making sure the ones that have control over the ones that exist.

The most secure thing I could think of is a cluster of servers running in my basement under lock and key, running a conservative set of well-tested software.

by torginus

3/18/2026 at 3:02:04 PM

Recently tried using Entra ID. There are 12 ways to enforce MFA, 20 days ways to disable users, 4 ways to authenticate users, Add conditional access stuff with 50 variables and templates etc.

You can customize the way you want. After configuring it, my colleagues could not log in. Thats one way to secure your organization.

by debarshri

3/18/2026 at 3:26:40 PM

Out of all the SSO login flows Microsoft has to have the buggiest. It’s the only one I can remember routinely having issues with. Why are there so many redirects? And why doesn’t the “remember me” checkbox ever work?

by mastax

3/18/2026 at 3:50:09 PM

It is also the only SSO flow I have ever seen that fundamentally cannot work if you have more than one account remembered on your device. So far the only way I’ve found to get it to let you log out of account A and then log into account B is to clear all cookies otherwise it gives you permission denied errors. Have no idea how it can be this horrible

by CDSlice

3/18/2026 at 4:23:44 PM

Yeah I have had this experience too. Woe betide ye if your company gets bought by another company with pre-existing Azure AD.

by throwway120385

3/18/2026 at 5:10:24 PM

Would container tabs solve that? They're pitched as helping separate work and personal logins.

by rgblambda

3/18/2026 at 5:20:42 PM

I just run completely separate browser profiles to separate work and personal stuff. And I still sometimes need private mode or a throwaway profile to get some random thing to work.

by SoftTalker

3/18/2026 at 11:13:20 PM

I use temporary-containers on firefox and they are a marvel for working with microsoft's stuff, which absolutely doesn't anticipate two accounts working on one browser.

Of course "open in incognito mode" works for this as well, just less automatic.

by aidenn0

3/19/2026 at 1:31:00 PM

I am not sure how, but at one point even private browser mode would still have me logged in to Entra ID. Couldn’t log out of main browser and same session would follow me to private.

by mleo

3/18/2026 at 10:43:02 PM

Firefox's? Yep. Edge's? Bloody hell no.

by SSLy

3/18/2026 at 4:34:08 PM

I haven't seen it in a while (perhaps mostly because I'm in Google stuff way less than I used to be) but for years multiple Google sites would get in a state where its auth would route me through about twenty redirects in a loop and never actually finish authenticating me. Clearing cookies and re-logging-in from scratch was the only fix.

Youtube was always involved, somehow, for some reason, even when what I was doing wasn't connected to Youtube at all or the account I was using had never even been intentionally used with Youtube. It'd route me through a few Youtube domain names.

(Microsoft's is indeed even worse, on some of theirs [Azure Devops, looking at you] I can't use them in pinned tabs because somehow they manage to get into a totally broken state where the page won't load due to whatever's happening with their auth flow in the background, and no method of reloading the tab fixes it, and it does this every couple days—but copy-pasting the same URL to a new tab does work)

by genthree

3/18/2026 at 6:40:05 PM

And then sometimes the "switch user" prompt doesn't work but it automatically logs you in with the wrong account to a system that account doesn't have access to, then drops you in a non-interactive "you're not authorized" screen. You have to find a working page, log out, then go back and try logging in...

by rendaw

3/18/2026 at 3:43:53 PM

I've always assumed the billions of redirects are setting cookies so all the various systems "work" but I have given up trying to understand it.

by bombcar

3/19/2026 at 4:38:13 PM

Speaking of redirects, I haven't been able to use Outlook 365 in Firefox for years – every single time I get redirect after redirect, only to then end up on yet another log-in screen. Meanwhile, in Chromium-based browsers everything works fine.

by codethief

3/20/2026 at 12:01:34 AM

Remember me checkbox is the biggest lie. Okta is the same. I want to cry every time I see that login screen. It's few times a day. #security

by kavenkanum

3/18/2026 at 8:22:13 PM

Why, 20% when logging in, do I actually get logged out? I'm sorry if I was already logged in, why the hell are you asking me to log in again?

Having Microsoft on your resume is a huge red flag.

by pc86

3/18/2026 at 8:33:06 PM

It is still like this? I remember it being terrible trying to log into xbox.com 15 years ago.

by asdff

3/19/2026 at 4:55:24 AM

Ah so it’s not just me and my company!

by geophph

3/18/2026 at 3:53:03 PM

The problem is modern MS doing three contradictory things at the same time:

- FB's move fast and break things. Constantly launching new libs.

- Linus's we do not break user space. Great commitment to backwards compatibility.

- Never deprecating dead products until they've been de facto abandoned for like decades.

This combination means every MS product is a labyrinth of overlapping APIs with no guidance as to which one is actually the good one. Some are abandoned garbage, some are brand new and incomplete, and some are both, and there's no way of knowing which are which even experts can mislead you.

by Pxtl

3/18/2026 at 5:25:37 PM

Well said. It feels like Microsoft is willing to release the intern’s poorly thought out product, and then commits to support the garbage design for all time.

Microsoft, you are a behemoth. There are few domains where you actually compete. Give your products a minute to breath before you cast them in stone.

by 0cf8612b2e1e

3/18/2026 at 11:12:14 PM

> and there's no way of knowing which are which

Especially not after the last round of cuts, some of the people they let go made my jaw drop.

by gopher_space

3/18/2026 at 7:54:53 PM

> no guidance as to which one is actually the good one.

To some extent, you’re/we’re the ones deciding that,

because there’s entirely different teams heading the separate offerings,

and none of them are going to offer a potential footgun like:

“hey, we’re not the best modern path into xyz type projects, check with our colleagues on the Blazor team”,

unless someone makes them.

by DANmode

3/18/2026 at 4:12:49 PM

[dead]

by b0rgedhuman

3/18/2026 at 3:12:12 PM

That’s Microsoft. 1000s of features and none of them really work the way they are supposed to.

by yoyohello13

3/18/2026 at 5:18:55 PM

it's "Enterprise" grade software! need to check the boxes for the procurement process (actually working is a separate department)

by ploxiln

3/18/2026 at 6:52:16 PM

Exactly! I can’t even count the number of times we’ve been in the discovery phase of a project and see “Oh this MS product does that! Cool”. Then when we get to the actual implementation realize it’s a broken mess. It’s sales driven software development, they just need to get you far enough along to sign the contract, then it’s too late to back out.

by yoyohello13

3/18/2026 at 4:03:33 PM

[dead]

by b0rgedhuman

3/18/2026 at 3:14:03 PM

There are extra ways to do that, but they're on a document deep in a Sharepoint directory that you can't access.

by joezydeco

3/18/2026 at 3:19:45 PM

Moments like this, I miss clippy.

by debarshri

3/18/2026 at 3:14:38 PM

same experience for us, and then they email the living shit out of you about how your weekly entra id stats are good or bad, and you can not opt out of these emails.

by jjtheblunt

3/18/2026 at 3:28:44 PM

> they email the living shit out of you

This sounds like LinkedIn.

by lostlogin

3/18/2026 at 3:37:22 PM

Wait a minute. It is owned by Microsoft.

by debarshri

3/18/2026 at 4:16:16 PM

It’s a relentless horror. I signed my wife up to track down a driver that crashed into her.

I think LinkedIn spam is worse than being in a crash.

by lostlogin

3/19/2026 at 3:33:30 AM

Ctrl + Shift + Alt + Windows Key + L

by hsbauauvhabzb

3/19/2026 at 7:03:55 AM

Does this really work? It’s so awful.

https://www.pcgamer.com/ctrlshiftaltwinl-is-the-most-cursed-...

by lostlogin

3/18/2026 at 6:20:38 PM

I ripped Entra ID from one of our projects and replaced it with Keycloak.

by DeathArrow

3/18/2026 at 3:19:33 PM

Same here, except with Minecraft and XBox One.

I don’t understand how they have non-zero market share.

by hedora

3/18/2026 at 3:29:56 PM

I remember trying to buy $9 worth of Minecraft In-app Whatever for my kid, and the goose chase Microsoft put me on just to log in and buy something was totally out of this world. I ended up needing to contact their fraud department around step 74.

by ryandrake

3/18/2026 at 8:34:18 PM

Wow I had no clue they even had in app crap for minecraft. Got to put the kid on the java build.

by asdff

3/18/2026 at 3:37:46 PM

I'm still annoyed that I can't share those Minecraft purchases with a family.

by doubled112

3/18/2026 at 3:26:19 PM

For Minecraft they inherited a gigantic userbase from Mojang and then made it 10x harder to add new users.

by alexpotato

3/18/2026 at 4:45:34 PM

I did it for my kids to have accounts and I do not understand how anyone who hasn't built a Gentoo from Stage 1 has a prayer of managing to buy Minecraft Java Edition for their kid, and making it actually work.

Then you've got the hell of overlapping permissions systems on the console and the Microsoft account, to get any amount of online play working on a console if you also get Bedrock. On the Playstation, especially, the error messages also love to not tell you which of the two systems is blocking you, so you get to guess. And Microsoft's site for managing those permissions is so confusingly-laid-out that even after doing it three times in a row I still felt lost on it.

I never did solve the problem of getting Minecraft Java Edition to run on a kid's MacBook with allowlist-only Web access. It wants to contact ten or so apparently-randomly-selected-from-an-enormous-pool IP addresses on every launch. I never did find documentation of which IP blocks I needed to allow, and couldn't guess at it from the IPs themselves. If they'd just used domain names... I must have manually hit "allow" a bunch of times during twenty separate launches, and it was still presenting me the same number of prompts every time, because there was no overlap in the IPs contacted (adding insult to injury is that I'm sure all but at-most two of these were spyware horse-shit that had no actual generously-necessary role in running the software, but it'd fail if it couldn't reach them)

by genthree

3/18/2026 at 8:35:25 PM

I was supposed to have a license through my alpha build purchase but microsoft made it impossible to transfer over. So now I just see it as my right to pirate the game until the end of time.

by asdff

3/18/2026 at 3:22:39 PM

Microsoft has never been good at security, and that is why their centralization to cloud is absolutely terrifying.

I'm reminded of Storm-0558 [1] where a stolen signing key was able to forge authentication tokens for any MSA / Azure AD / Government AD user. They downplayed the severity. Just imagine if that level of access was used to pull a Stryker on a nation-wide scale. That is an economic disaster waiting to happen.

[1] https://www.microsoft.com/en-us/security/blog/2023/07/14/ana...

by iscoelho

3/18/2026 at 3:39:06 PM

I'll do you one better: stealing the signing key was not even necessary.

https://www.bleepingcomputer.com/news/security/microsoft-ent...

by Rygian

3/18/2026 at 3:51:50 PM

I knew there was another incident that I was forgetting, insanity... I don't understand how Microsoft keeps getting away with this and everyone just forgets.

by iscoelho

3/18/2026 at 6:17:00 PM

When people's income depends on them forgetting... they tend to become amnesiacs.

by someguyiguess

3/18/2026 at 5:15:10 PM

because time to market is more important than security (at microsoft)

by natas

3/18/2026 at 5:25:17 PM

Oh please, that could happen at any company. Humans screw up.

by notepad0x90

3/18/2026 at 6:52:43 PM

But it doesn't. Full authentication bypass exploits are extremely rare and unheard of among tech giants. Maybe account takeover/recovery, sure, but full bypass? It just never happens.

Microsoft goes beyond that: they've managed to have a critical vulnerability in almost every authentication product they have ever created. It's exceptional.

by iscoelho

3/18/2026 at 10:26:04 PM

> But it doesn't.

That we know of.

> It's exceptional.

I agree, but I look at it as a question of cost. would it make sense for Russia to spend on resources to compromise GCP or AWS? Microsoft's EntraID/AzureAD itself is an exceptional product in that organization's dependency on it, especially US government orgs, is exceptional.

If APTs target AWS, they will compromise it, period. Of course the caveat is time, skill and money which can all be acquired at cost.

by notepad0x90

3/19/2026 at 4:11:49 AM

"If APTs target AWS, they will compromise it"

Not all compromises are the same. They might get into some logging API in AWS. With Azure, the get the master keys. Both are compromises; they aren't the same. Either you have never used Azure, know nothing about security, or you work in MS marketing.

by hunterpayne

3/19/2026 at 8:59:12 AM

Any company where this happens is being mismanaged.

The whole point of having companies is to overcome limitations of humans acting individually.

by Rygian

3/18/2026 at 3:41:38 PM

The experts were correct. Azure is the biggest pile of shit I've ever had to work with. Everything feels evolutionary. In other words, a new product in azure is barely a product at all, but a small appendage which totally inherits a bunch of preexisting Azure "stuff." And all this preexisting stuff may not really make sense for the product, and it might inherit stuff that makes the product much worse. But, it doesn't matter. To even think about using the product, you need to learn way more about the larger Azure ecosystem than you ever bargained for, and of course deal with Microsoft products that do not really integrate well because the teams don't talk to each other. Log formats, conventions, everything will be different as you float around to different parts of Azure. Basic security concepts, such as a SIEM will be implemented in such strange ways that you wonder if Microsoft has any idea what a SIEM even is.

by everdrive

3/18/2026 at 4:27:21 PM

As a Microsoftie of more than a decade... Yeah, I see this.

We have an internal system called Cosmos[0] that does a great job of processing huge quantities of data very fast. And we sat on it for years while the rest of the industry moved to Spark and its derivatives. We finally released it as Azure Data Lake Analytics (ADLA) but did a shit job of supporting/promoting it.

We built Synapse, and it's garbage. We've now got Fabric which I guess is the new Synapse. I wouldn't really know because I probably have five different systems that I use that basically do large-scale data processing, and yet Fabric isn't one of them; who knows, maybe it will become the sixth?

We've had numerous internal systems for orchestrating jobs, and it wasn't until Azure Data Factory that we finally released something externally that we sort-of-kind-of-but-not-really use internally. (To be fair, some teams do use it internally, but we're not all rowing in the same direction.)

I regularly deal with multiple environments with different levels of isolation for security. I don't even know how it's all supposed to work -- I have my regular laptop and a secure workstation and three accounts that work on the two. Yet I have to do some privileged account escalation to activate these roles; when I'm done, there's no apparent way to end the activation early, so I just let it time out.

These things are but a fraction of the Azure offerings, but literally everything I have used in Azure makes me absolutely HATE working in the cloud. There's not a single bright side to it AFAICT. As best as I can tell, the only reason why Azure makes so much damn money is because Microsoft is huge and can leverage its size into growth. We're very much failing up here.

[0] https://www.microsoft.com/en-us/research/publication/big-dat...

by anonymsft318

3/18/2026 at 6:11:56 PM

> I probably have five different systems

This is the story of Microsoft - five different ways to do the thing, none of which do everything, and all of which are in various states of disrepair ranging from outright deprecation on up through feature-incomplete preview. Which one do you use? Who knows, but by the time you get everything moved over to that one and make allowances for all the stuff the one you chose doesn't support, there will be a new more logical choice for "that one" and you'll have to start over again. Wheee.

by beaviskhan

3/18/2026 at 6:59:33 PM

And now slap widespread vibe coding and PRs that reviewed by LLMs without anyone giving it a proper look.

by blks

3/18/2026 at 7:40:59 PM

We are now definitely doing a lot of that. My manager has been saying things like, "I don't even know how it works, but I used AI to build [thing], and I just sent it to a PR." He's very strong technically, but the mindset has absolutely shifted to, "move fast and break things, yoloooooo". It's frustrating to say the least.

by anonymsft318

3/18/2026 at 7:23:27 PM

And most of that is done on Macbooks by people that either can not or will not use Windows OS.

by BizarroLand

3/18/2026 at 7:30:47 PM

I don't mean this as a jab, but would you use Windows to develop software? Especially Windows that has AD teeth sunk into it where everything is "managed by your organization." It's just a thousand small cuts for seemingly no good reason.

by Spivak

3/18/2026 at 8:49:22 PM

>>but would you use Windows to develop software?

I'm a c++ developer and I wouldn't use anything other than Windows to develop software, for one reason alone - Visual Studio is a fantastic tool that is better than any IDE I have ever tried it and imho it's the best product Microsoft makes. It just works and works well. And most console toolchains are only on Windows, so outside of iOS development I don't really have a choice.

by gambiting

3/18/2026 at 7:39:32 PM

No, but I also wouldn't let people who do not understand the soul of the OS to rewrite it.

If I were the microslop god for 6 weeks, I would force everyone to go to a boot camp and use Windows 7 for 4 of those weeks so they could see what made it so good.

No invasiveness, an OS that felt like yours. Just enough eye candy to not be distracting but to also feel like a clean modern system. Low system usage at idle. Calm, clean, and ready to roll when you clicked a button.

Windows is NEVER going to be MacOS, but the dev teams seem obsessed with macifying windows while also wedging that AI abomination copilot into every line of code, so windows is getting a tag team of rapid enshittification on top of already having been massively enshittified, and at least some portion of it is due to the people being paid to make it not understanding what it is supposed to be, the niche it held, and the reason for windows existence.

With no soul, windows has to go.

by BizarroLand

3/18/2026 at 7:35:15 PM

Wait, is this true? I would have imagined unless it’s about porting software or testing it, everyone would be forced to use Windows.

If it is true, wonder what the proportion is then: 25%, 50%?

by rdtsc

3/18/2026 at 7:57:12 PM

It's not true. Source - me, MSFT for 25 years.

by chokolad

3/18/2026 at 8:52:14 PM

I’ve seen Microsoft employees run public presentations from MacBooks on multiple occasions.

by jiggawatts

3/18/2026 at 11:53:11 PM

> I’ve seen Microsoft employees run public presentations from MacBooks on multiple occasions.

This is specifically done to show that Microsoft tech eg .net is not tied to Windows.

by chokolad

3/18/2026 at 8:50:38 PM

Yes, because you know what all of the 200,000+ employees are doing in every wing and branch of the entire company.

Then again, Microsoft themselves directly dispute your statement:

Across the landscape of more than 750,000 devices in use at Microsoft, we support Windows, Android, iOS, and macOS devices. Windows devices account for approximately 60 percent of the total employee-device population, while iOS, Android, and macOS account for the rest. Of these devices, approximately 45 percent are personally owned employee devices, including phones and tablets. Our employees are empowered to access Microsoft data and tools using managed devices that enable them to be their most productive.

https://www.microsoft.com/insidetrack/blog/evolving-the-devi...

Not to mention that most app designers use OSX for the design tools, which means that there is going to be by default some bleed between the two systems on design choices alone.

by BizarroLand

3/18/2026 at 11:51:22 PM

> while iOS, Android, and macOS account for the rest. Of these devices, approximately 45 percent are

Pretty much everyone has an android or iOS device in their pocket. A lot of those devices are enrolled into Microsoft MDM in order to access email/teams/etc. These phones are part of the stats. Dev work in general is done on Windows boxes, unless you are in specific teams that have other requirements. Default is Windows, specifically Windows laptop.

by chokolad

3/18/2026 at 11:59:23 PM

200,000+ windows devices issued by the company.

200,000+ phones.

Worst case somewhere around 50,000-150,000 tablets.

That leaves ~200,000 unaccounted for devices with only macOS on the table. I think the saturation is higher than you have experienced, although I'll give that it's entirely possible that the areas you worked in were not one of them.

by BizarroLand

3/19/2026 at 1:19:06 AM

Have you worked in those areas with high saturation ?

by chokolad

3/18/2026 at 4:56:19 PM

Ugh this sounds like when I worked at Oracle/OCI. Some environments required a VPN, some a jumpbox, and some required logging into a virtual desktop, and then logging into a jumpbox. Just thinking about it gives me PTSD

by pram

3/18/2026 at 4:59:19 PM

any sufficiently large organization that is around for a decade or two trends towards spaghetti-access

by john_strinlai

3/18/2026 at 5:15:32 PM

Yup, same boat here (mid-size company).

All the corporate stuff is behind Okta, so that easy enough.

But all the dev/test systems are a mix of SSO, individual logins, etc. At least they're all behind the same VPN (except when they aren't, but that's less common).

And of course, if you're a cloud engineer (vs "normal" software engineer), you also have to deal with AWS access, which is a whole different can of worms.

by alistairSH

3/18/2026 at 5:45:23 PM

And yet, somehow AWS managed to get this right-ish. They evolved, learned by making mistakes, and created de-facto standards (like object storage protocol) on the way, while at the same time supporting decades-old services. And I'm sure they'll withstand the current AI craze.

by benterix

3/18/2026 at 5:53:23 PM

AWS had the benefit of not trying to retrofit IaaS on top of a (already bad) PaaS.

by jen20

3/18/2026 at 10:35:19 PM

Does Google have good SSO internally? Or Facebook?

(excluding things like administration of organization-wide infrastructure key material)

by harshreality

3/18/2026 at 6:46:53 PM

So the problem is the team size, not culture?

by DANmode

3/18/2026 at 5:36:06 PM

Their support team likes to sit on things for a while too. I'm on day 4 of waiting for Azure to approve my support request to increase Azure Batch vCPUs from default of 4 to 20 for ESv3 series. I signed up last week and converted to a paid account. I'm going to use Google Cloud Batch today instead.

by jonnycoder

3/18/2026 at 8:55:42 PM

You’ve made a fundamental mistake and you’ll have the same result from every cloud provider.

You’re using a legacy v3 series that is being removed from the data centres in an era where you could be using v6 or newer instances that are being freshly deployed and are readily available.

If you can’t be bothered to keep an eye on these absolute basics, you’re going to have a rough time with any public cloud, no matter their logo design.

Right now you're paying more for less compute and having to deal with low availability too! Go read the docs and catch up to the last decade of virtual hardware changes.

Or, just run this and pick a size:

    Get-AzBatchSupportedVMSku -Location 'centralus' | `
    ? Name -like 'Standard_E*v[67]'

by jiggawatts

3/18/2026 at 9:54:30 PM

Thanks I will try that!

by jonnycoder

3/18/2026 at 8:01:34 PM

So the internal Cosmos DB has nothing to do with Cosmos DB the Azure product, which was an unwieldy assemblage of a graph DB, a NoSQL DB, a time series DB and an RDBMS last time I looked at it, but seems to have morphed into a "vector DB for AI" according to today's marketing?

https://azure.microsoft.com/en-us/products/cosmos-db

by decimalenough

3/18/2026 at 8:25:10 PM

Ah, I remember Cosmos and SCOPE from my time at MS ~15 years ago! It was actually pretty cool technology. So is it still around?

by gpderetta

3/19/2026 at 2:54:34 PM

Make it 7, there's also the Sentinel datalake or whatever now!

by m_rpn

3/18/2026 at 4:19:20 PM

Absolute contempt for their users at every level. It’s so transparent. This is the end game of anticompetitive practices for decades— they just don’t have to try anymore… for now. Some day they’ll either have to compete in good faith or sink. I doubt that will happen soon, but someday.

by DrewADesign

3/18/2026 at 6:44:52 PM

They have to compete in good faith for developers, which is why VS Code does not suck.

But yes, normal Office users, where the company pays the bills, pay the price.

by jeffrallen

3/18/2026 at 8:36:11 PM

I agree that VSC is solid for web dev or other script language workflows, and VS is fine, if a bit heavy-handed. That said, Windows native development is a freaking mess. Try figuring out what their recommended native UI kit is these days. Everything is half-assed and half-supported at best. Unless it’s going to either feed them a ton of marketing telemetry or let them bump up their supposed copilot adoption statistics, you’re yesterday’s news to MS.

by DrewADesign

3/18/2026 at 8:35:24 PM

VS Code is also open source and forkable, the Windows kernel or Azure tech stack not so much

by HeWhoLurksLate

3/18/2026 at 4:59:26 PM

It's hard to argue against contempt but... I'm gonna try. It feels like at the end of the line it's just a checkbox someone gets without having to consider the consequences of the changes. Either it's too big or there's too many levels where decisions get made and handed down to drones (or AI), but the people who decide seem to have no concept of what their products are used for and the people who implement features seem to have accepted that the system is so big that they can't understand all the impacts of their changes and have to rely on trusting commands from above - who may expect them to challenge from the POV of users or question things but never do. Anyway, this feels like what happens when managerial overhead and marketing KPIs smash into a complex product ecosystem. It all smells of IBM to be honest

by pluc

3/18/2026 at 5:10:03 PM

Microsoft was always afraid of being IBM. They are more IBM than IBM.

When they started flying people in the beg that I buy 100 Surface Laptops, that was the confirmation of everything I had been thinking. All I could think of was IBM flying a dude from Italy in to talk for 15 minutes about their version of TeamViewer back in the day. We ended up talking about shoes.

by Spooky23

3/18/2026 at 7:15:56 PM

It's a shame. In the late 2010s there was a lot of hope for Satya Nadella, but it seems like the organization has regressed back to the mean.

by dralley

3/18/2026 at 7:31:06 PM

Which is sad because the CEO's job is not to focus on the individual body parts but to make sure that the whole system is strong, beautiful, and healthy.

They can afford people who would do better. Windows 11 is trash. Azure is trash. Onedrive is trash. Outlook is trashier than it has ever been before, but it's not quite trash yet. Word is trash. Excel is rapidly enshittifying. Copilot is hot flaming radioactive tar cancer.

Does microslop even have a single thing left that isn't either completely terrible or worse than it used to be a mere 5 years ago?

by BizarroLand

3/18/2026 at 8:33:27 PM

> Outlook is trashier than it has ever been before

Which one? There’s two now! Lol

by Spooky23

3/18/2026 at 8:41:41 PM

Both. "New" outlook doesn't work with all of the add-ons and plug ins that "classic" outlook did. Both new and classic have copilot wedged into them. Classic has unasked for and unwanted Linkedin integrations that have to be turned off on a per-user basis, and it is patently clear that microslop has every intention of abandoning classic outlook the instant they believe that they can do so without severely alienating their userbase.

by BizarroLand

3/18/2026 at 8:40:57 PM

I don’t perceive benign neglect when they disregard UX for a product they’ve positioned so people essentially have to pay for and use it, while force-feeding them features they actively and vocally hate. Treating your customers as cash cows is fundamentally contemptful.

by DrewADesign

3/18/2026 at 5:46:51 PM

If not contempt, at least disregard or indifference

by lokar

3/18/2026 at 4:05:59 PM

> Everything feels evolutionary.

That's total "normal" for Microsoft at least from 2018, the year I started working with some of their products (Power BI mostly). They adopted a development model that is early release, fast iteration, and users as testers. No wonder everything feels experimental until much later.

Back then I just couldn't use Power BI. But fast forward a few years, I think it got a lot better since maybe 2020. You just have to stick with it for a few years.

by markus_zhang

3/18/2026 at 4:51:08 PM

I worked at a hospital in that timeframe and they rolled out Teams. Up until they, shadow IT teams were running Slack just fine.

Man, what a horrendous pile of crap Teams was back then. The Slack teams were griping that they should just buy Slack, but Teams was the "enterprise solution." The problems were amplified during remote COVID work. Teams is fine now, but how many corporations went through years of frustration just because some IT decision maker said "Teams. Because it's enterprise."

by snapetom

3/18/2026 at 5:16:37 PM

Yeah that's the thing. Management who made the deals are never put into that frustration, or very rarely, and I always wonder, at least for the big corporations, if there is any greasy palms...

by markus_zhang

3/18/2026 at 6:50:09 PM

Manager humans will sell out your workflow,

and indeed your entire workplace,

for as little as a steak dinner.

by DANmode

3/18/2026 at 8:19:08 PM

Man, at least make a few dinners…

by markus_zhang

3/18/2026 at 5:02:20 PM

Teams is still a horrendous pile of crap. It's just that you've gotten used to the stench. It has few redeeming qualities other than, "we don't have to pay for another subscription" and that's not even the case in the EU.

by bigbuppo

3/18/2026 at 5:47:05 PM

Yeah but today you can at least have a video call more or less normally. Back then it was a hiccup after a hiccup, it was impossible to work normally, and yet orgs pushed it down everybody's throats as it was bundled.

by benterix

3/18/2026 at 7:04:03 PM

Definitely. Besides the performance issues, back then, Teams barely had any features. One example was that it wouldn't show you who was talking. First time we had a call was with 30 people and I remember a manager calling out a director responsible for this decision jokingly saying, "and you don't know who I am because Team doesn't show you who's talking."

The UI is an overengineered mess and I'd rather use literally anything else, but to say it's still unusable is disingenuous.

by snapetom

3/18/2026 at 4:13:32 PM

> You just have to stick with it for a few years.

So, you have to be a paying tester? Incredible that MS can keep enough businesses as hostage to be able to operate like that.

by dietr1ch

3/18/2026 at 4:22:41 PM

Most of the time it's just part of the bundle. If you are heavy into SQL Server, Office 365 and Power BI then there is a BIG chance you are going to use Azure for whatever the reason.

People who take Azure up without previous MS product experience...not sure about those.

by markus_zhang

3/18/2026 at 7:36:18 PM

There's a few, mostly retailers who don't want to give money to Amazon as a direct competitor, for them Microsoft/Azure is more of a neutral party, and most businesses already use Microsoft in at least some fashion so already have staff internally familiar with MS products (as opposed to say, going to GCP instead).

For everyone else, it's like you said. "Eh, we are already knee deep in the Microsoft stack, why would we pick anything else?"

by thewebguyd

3/18/2026 at 4:20:32 PM

a LOT of stuff comes for free or marginal (10-100$ a month) so yes, you do pay but it's already 'baked into' the contracts people generally carry with microsoft, or something for IT to worry about when the yearly renewals show up

by calvinmorrison

3/18/2026 at 4:45:07 PM

> You just have to stick with it for a few years.

Also see: SharePoint

by TYPE_FASTER

3/18/2026 at 3:54:17 PM

Azure is the color of the face you have after Microsoft beats you with your own wallet. They don’t want to give you access to anything, they want to own it and make you pay for it.

by reactordev

3/18/2026 at 4:07:31 PM

I’ve seen this in other “follow the leader” businesses too, they are not looking to even have working features, just parity on a spreadsheet with the market leader… I’m looking at you Gitlab.

by andy_ppp

3/18/2026 at 4:59:47 PM

I sometimes wonder if I would feel the same about AWS if I hadn’t already invested a significant amount of time learning the entire ecosystem, nomenclatures, patterns/best practices, etc.

by cj

3/18/2026 at 5:28:02 PM

As someone who has worked with all three in many capacities, as is the worst by a mile. Don’t get me wrong. They are all very bad, but Azure is the king of shit.

by manphone

3/18/2026 at 5:44:09 PM

And the same applies to regions. Try running is most of the regions, each is a bit different. And its not historical / sequential differences, just random.

by lokar

3/18/2026 at 4:01:18 PM

How is this different than Amazon? Same problem there. Oh, you're using this new service? Need to view the logs? Want a nice friendly UI to do that? Fuck you here's Cloudwatch. Good luck.

Just to be clear, I'm responding to the parent comment not the article.

by bmurphy1976

3/18/2026 at 4:07:11 PM

I love https://github.com/lucagrulla/cw , it's like tail for cloudwatch. It's super fast.

by klooney

3/18/2026 at 4:14:15 PM

That's great but that's not really the problem. The real problem is Amazon likes to release services that depend on other services, but leave the integration work to us.

I'm convinced Amazon has many teams crapping out new features but they don't have the political clout (or manpower) to create a comprehensive product. They are mandated by management to use existing services, and thus we the users suffer because we have to manage all this extra crap and noise just to enable basic functionality.

It's maddening. And then also it's maddening to see another service from a different team that was able to throw off these shackles and actually make a product that is self contained. You get a taste of how good things could be, and then you're thrown right back into the IAM/SQS/Cloudwatch/Cloudformation/Policy/everything else under the sun soup.

by bmurphy1976

3/19/2026 at 10:51:18 AM

Which ones are a good example of how things could be?

by bob778

3/18/2026 at 9:05:45 PM

[flagged]

by cyberax

3/18/2026 at 4:15:28 PM

Amazon is selling servers and storage. If you need to see logs properly, then get a right tool for it. Cloudwatch is a stop gap solution.

by debarshri

3/18/2026 at 4:18:13 PM

See my other comment. Logs are just one small symptom of a larger problem of poorly integrated very complex services where the complexity is pushed onto the users and not properly managed by Amazon. Which sounds very much like the problems with Azure.

by bmurphy1976

3/18/2026 at 5:49:45 PM

My general approach is to only use the most basic services from each cloud. VMs, networks, L3 load balancers, blob storage, etc

Build the rest yourself. In many cases their higher level service is just the same open source package you would run, just managed worse.

by lokar

3/18/2026 at 7:30:10 PM

this. with Kubernetes, you can get very far with just this and you won't have to deal with lock in BS either

by r_lee

3/18/2026 at 8:47:37 PM

Did someone say Active Directory?

by siva7

3/18/2026 at 2:50:45 PM

The Justice Department CIO who pressured FedRAMP to approve GCC High was hired by Microsoft the next year. I wonder if this shouldn't invalidate the authorization in the first place?

by ovidev

3/18/2026 at 3:05:35 PM

It's not very clear from the article, but I get the feeling from the context that the 'pile of shit' quote referenced the package of documentation about the service rather than the service itself.

(That seems to be the main complaint, that Microsoft never provided the clear information required to conduct the assessment properly).

by gertrunde

3/18/2026 at 5:26:56 PM

> The tech giant’s “lack of proper detailed security documentation” left reviewers with a “lack of confidence in assessing the system’s overall security posture,” according to an internal government report reviewed by ProPublica. > > Or, as one member of the team put it: “The package is a pile of shit.”

Yes, it seems pretty clear from that quote that the reviewer said the security package was a `pile of shit`, and propublica went on to extend that to the cloud itself. Not that I want to comment on the merits of Azure's security, but that sounds pretty clickbaity from propublica to me. A more appropriate title would have been

> Federal Cyber Experts Thought Microsoft’s Cloud Security documentation Was “a Pile of Shit.”

by charles_f

3/18/2026 at 5:49:24 PM

MS was (and still is it seems) unable to produce the data flow diagrams that FedRAMP wanted, ones that other cloud providers had no problem with. If the documentation is in such dire state, then the system itself is likely to also be in a dire state. I.e. The documentation is a pile of shit, so the system is also a pile of shit.

by evan_a_a

3/19/2026 at 12:42:46 AM

> microsoft unable to explain and show security model to federal cyber experts.

by tacticus

3/18/2026 at 3:11:55 PM

Wait- so they basically threw up their hands? No documentation! Not evaluable? Thus clearly of value for somebody? Big stamp, job well done! NEXT?

by 21asdffdsa12

3/18/2026 at 4:10:33 PM

Yes. US bureaucracy regularly gets told "You have to have <thing>" but because it's against a lot of people's ideology, they aren't allowed to build it internally or develop any sort of actual expertise for such a thing, so their only choice is to buy whatever is offered no matter how bad it is.

For example, our state government says "We will do X Y and Z which all require data science expertise, but we did not approve the $60k a year Data Science position, so instead we are forced to hire a Data Science contractor for $120k a year, and they can't really be fired, and they are terrible at their job"

And then people wonder why things suck all the time.

A lot of state's buy their Obamacare marketplace service from a company I am familiar with. That company is entirely incompetent. They cannot follow basic instructions. They cannot triage a bug at all. They do not read freaking tickets. They take weeks to respond to an issue. They cause bugs regularly in ways that imply they don't have functional source control. They continually fuck up basic feature requests. They change the service in ways that contravene the literal law. The law that was comprehensively explained to them by people I know.

But they can't be fired, because the state is legally compelled to provide this service, and is not really allowed to hire a few engineers to build it in house. They could go to a different software contractor, but all the options are just as bad because it's an entirely captured market.

Obama started a "Digital Services" group in the federal government to actually build systems internally and develop expertise to mitigate some of this, and they built stuff like tax filing solutions for free for Americans. So Trump killed it and hollowed out it's corpse for DOGE.

by mrguyorama

3/18/2026 at 4:38:10 PM

Emergency notifications are done the same way! Its communism to fucking build it, so let’s have a team of a few engineers make an API to control government infrastructure from incompetent contractors on AWS, offer no real means of testing, breaking changes, downtime… and folks wonder why Hawaii is told bombs are coming

by blizdiddy

3/18/2026 at 9:05:12 PM

That’s a perfectly valid reason to reject a security solution, and is one of my top complaints about Microsoft in this decade.

They fired all of their technical documenters, so their security critical systems, APIs, tools, and SDKs now have only auto-generated docs that are just the function names with spaces added between the words.

Like this:

    Overrides the authorization for an identity.

    AuthorizationOveride( string identity );

Good luck figuring out what anything important to your own security does, how it works, and what the consequences of small configuration changes might be.

by jiggawatts

3/18/2026 at 3:13:52 PM

Azure is easily the most expensive, least reliable and worst cloud available. It's borderline scam. An example today, I provisioned high IOPS SSDs (supposedly) and what is actually connected to the instance? A spinning hard drive! I didn't even know they were still made, but I guess Azure uses them and scams their users into thinking you're getting an SSD for $700/mo when its really an old hard drive.

I would warn anyone far and wide to avoid Azure at all costs, especially if you are a startup. And especially if you are doing any kind of AI because the only GPUs they have available are ancient and also crazy over-priced.

If I cared more, I'd try to migrate away from Azure. But I don't, and that's probably Azure's business model at this point.

by iamleppert

3/18/2026 at 3:25:23 PM

I’d love to see proof of your claim that they provisioned a hard disk when you requested an SSD, or, at the very least, tests that showed that the IOPS you requested were not delivered. Can you show us the receipts?

by otterley

3/18/2026 at 6:33:07 PM

Azure using SRE, I call BS. You don’t see underlying storage, it’s mounted as either SCSI or NVMe device as one HD. It’s obviously backed by massive fleet of drives just like EBS.

by stackskipton

3/20/2026 at 3:04:20 PM

I was wrong about it being a spinning disk, ROTA=1 is just how Linux reports Azure virtual disks. But the underlying frustration stands: my home NVMe does the same copy in a fraction of the time because it can do 500K+ IOPS with no virtualization overhead. Azure caps this "Premium SSD" at 7,500 IOPS, so a small-file-heavy copy crawls at 85 MB/s despite 250 MB/s provisioned throughput. You're paying SSD prices for artificially throttled performance — the hardware may be SSD, but the performance is just awful. Paying $900/month for the highest level Premium SSD, attached to a large instance, and it's significantly slower than a $200 SSD from 5 years ago.

by iamleppert

3/20/2026 at 4:43:32 PM

Sure the downside of virtualization is all disk calls are over the network which is way slower then local NVMe call. Upside is hardware failures are quickly handled.

by stackskipton

3/18/2026 at 2:48:00 PM

I'm guessing the requirements were written in a way that only Microsoft's cloud could with the bid.

Thats why you have Windows in the Pentagon instead of something secure.

by exabrial

3/18/2026 at 2:51:52 PM

> By late 2024, FedRAMP reviewers concluded that they had little choice but to authorize the technology — not because their questions had been answered or their review was complete, but largely on the grounds that Microsoft’s product was already being used across Washington.

The article talks a lot about conflicts of interest, but this is the line I went looking for. A bureaucracy fighting itself over goal prioritization, and what's a necessary roadblock vs red tape is the less sexy but more meaningful problem at the core of this.

Once the government decided they wanted the product, they were going to find a patsy.

by dogleash

3/18/2026 at 2:59:33 PM

If you "went looking for" this line, you're just reading into the statements your preconceptions.

I on the other hand have no expectation, and so it's not clear whether the "bureaucracy fighting itself" is a cause or a symptom. You're implying it's a cause and the solution is "less red tape". But it could be just a symptom of conflicts of interest, and less red tape just leads to more efficient corruption.

Again, you're just reading into it what you already believe in.

by fdghrtbrt

3/18/2026 at 3:02:52 PM

The sheer amount of conflict of interest with folk involved in this later getting employed by Microsoft is a bit crazy.

by gertrunde

3/18/2026 at 3:26:47 PM

There was definitely a point (late 90s?) when Microsoft finally figured out how to play the game. Coincided with the antitrust stuff.

by flir

3/18/2026 at 4:24:09 PM

To be fair, it's not always out of maliciousness. A lot of gov workers/contractors join the supplier company because they know the product and how to fix it better than the people currently at the company. Similar to the guy who infamously got hired at Apple just to fix a bug.

You're just forced to use vendors and if you actually care about the mission, it's just a different team on the same mission.

Of course you know you're being taken advantage of, and long-term maybe you should have gone to the non-technical side to fight it, but at the end of the day you just want to keep the young boys being shipped off to war safe, and you're much better suited to achieve that by remaining on the technical side.

...or so I've heard.

by scottyah

3/18/2026 at 3:14:43 PM

Frustrating that FedRAMP is both a pain to get compliant with and also apparently is not a strong signal of actual security.

by markstos

3/18/2026 at 3:16:44 PM

I see you've never worked in a compliance environment before.

by colechristensen

3/18/2026 at 3:23:42 PM

And may such evil days never come to past

by Havoc

3/18/2026 at 3:29:36 PM

Was this approval before or after evaluators discovered this?

> Microsoft on Friday revised its practices to ensure that engineers in China no longer provide technical support to U.S. defense clients using the company’s cloud services.

Ref: https://www.cnbc.com/2025/07/18/microsoft-china-digital-esco...

by caseysoftware

3/18/2026 at 7:37:43 PM

I don't have much experience with Azure but I was amazed at how many things in AWS GovCloud don't meet FedRAMP encryption requirements. For example, none of the lambda runtimes have FIPS certified encryption libraries available, and you have to bring you own, which is rather complicated to do.

by thayne

3/18/2026 at 5:31:24 PM

This is my opinion only, I'm sure some have had different experiences - but:

Azure's success as a cloud provider is mostly a result of their sales team and having an existing relationship with non-technical leadership. "We already pay them for Office and Exchange, let's just buy this new 'cloud' thing from them too".

Azure is barely considered an option at all within tech companies, yet is surprisingly widely adopted by non-technical companies that don't know any better (ie, that don't have a technical / engineering voice or representation within leadership).

AWS = Likely technically the best, for now. Mostly unreasonable pricing, and less motivation to seriously negotiate given they are the 'default' cloud provider for most of the industry. Kind of feels like they have peaked though, and are slipping more recently. Inevitable, or bad leadership changes?

OCI = New-comer, attractive pricing and hungry for business. Might be able to avoid mistakes other providers have made? Reliability struggles though. Parent company has a bad reputation in some circles - but probably not with decision makers. Making huge (unwise?) investments - that will either come crashing down in 5 years, or seriously pay off. Layoffs, but going for massive growth...huh?

GCP = Notably different underlying technical choices than other providers. Folks are maybe a bit less pragmatic, and more academic. This helps them in unique services (Spanner?) but hurts in most other areas. They've matured, and are btwn AWS and OCI in reliability. They are probably not as hungry for business as they should be given how far behind they are.

by kqgnkqgn

3/18/2026 at 8:55:09 PM

+10000 that Azure is a steaming pile of shit. Like what's this -- `azcopy` broken at head, and the working one doesn't guarantee correctness after a copy (99.6% copied successfully! good luck figuring out what went wrong!) compare that to migrating data with GCS or S3 -- they provide first class tools that do it right quickly (aws-cli, gsutil).

Want a VM? You'll also need this network security group, network interface, network manager, ip, virtual network... and maybe it'll be connected to the internet so you can SSH in? Compare to GCP or EC2 -- you just pick an instance and start it. You can SSH in directly, or even do it in the browser.

Billing also a nightmare: if you're running a startup, AWS and Google make it relatively easy to see how many credits you have left. The Azure dashboard makes you navigate a maze, and the button to click that says "Azure Credits" is _invisible_ for 30s until ostensibly some backend system finds your credits, then it magically shows up. Most people don't wait around and just assume there's no button.

And if you click it, maybe you will happen to be in the correct billing profile, maybe not! Don't get confused: billing profile and billing scope are different concepts too! And in your invoice, costs just magically get deducted, until they don't. No mention of any credits. Credits inaccessible through API (claude tried everything).

VMs, bucket storage, and copying data are the _simplest_ parts of the stack. Why would anyone bother trying to use other services if they can't get these right?

They literally give startups 2x the credits as GCP, 20x the credits of AWS and nobody wants to use them.

by kajecounterhack

3/18/2026 at 9:11:40 PM

Azcopy is special bad, the team that looks after it is made up entirely of junior developers that obstinately refuse to listen to feedback.

Its documentation title is "Copy or move data to Azure Storage by using AzCopy v10" but it can’t actually do trivial operations like “move” because the devs are too scared to write code that deletes files: https://github.com/Azure/azure-storage-azcopy/issues/1650#is...

I recommend switching to “rclone” instead to avoid the frustration. It won't fill your entire system disk up with unnecessary log files unlike azcopy, which is a significant source of production server outages where I work because of this default behaviour.

by jiggawatts

3/18/2026 at 8:45:26 PM

The vendor lock-in angle is the real story. Once you have AD, Exchange, Teams, and Azure all tangled together, the exit cost is enormous. I've watched orgs get approval for a full cloud migration based on cost savings projections that completely ignored the engineering cost of the decade-long migration that follows. The security issues are real but the procurement inertia is what keeps them renewing.

by sysops9x

3/18/2026 at 7:40:09 PM

EVERYTHING about the federal government contracts program sucks ass! In the beginning, it was good as you didn't want people forcing through their brother, mother, 2nd cousin, next door neighbor, Satya Nadella and their "company" as a contractor without oversight cough Kristi Noem cough. However, it has devolved into a mess. The entire thing needs to be scrapped and re-engineered.

by NoSalt

3/18/2026 at 10:47:13 PM

    “GCC High reviewers saw problems everywhere, both in what they were able to evaluate and what they weren’t. To them, most of the package remained a vast wilderness of untold risk.  Nevertheless, FedRAMP and Microsoft reached an agreement, and the day after Christmas 2024, GCC High received its FedRAMP authorization.”

How big was the ballroom donation?

by rawgabbit

3/18/2026 at 8:29:03 PM

Entropy is real. Microsoft has lessened the friction of purchasing vs their competitors. Public Sector this may be their only choice because they set the groundwork decades ago to do business with most organizations. It may not be the best solution, but it offers the least resistance to getting something up and running.

by crawdog

3/18/2026 at 4:22:35 PM

Azure is bad. But to be fair, every security summary of IT services I’ve ever read — or written! — for over 25 years has also been a “pile of shit”. It seems to be inherent to the cybersecurity game that everything is judged based on meaningless check boxes and nonsensical explanations. Meanwhile the actual security posture is obscured and ignored.

by skywhopper

3/18/2026 at 4:26:21 PM

Staying afloat on cyber compliance takes so much time and energy there's no room for actual cybersecurity analysis.

by scottyah

3/18/2026 at 3:24:50 PM

Little has changed since Bill Gates tried to install Movie Maker.

by jakubadamw

3/18/2026 at 4:19:31 PM

> Potential Conflict of Interest: The government relies, in part, on third-party firms to vet cloud technology, but those firms are hired and paid by the company being assessed.

Hah. First time looking at FedRAMP?

The real reason for this, of course, is accounting, it moves it off of the government's books.

by klooney

3/19/2026 at 1:38:26 AM

It feels a lot like the FAA and NTSB moving safety checks of the Max 8 to Boeing engineers. Like of course they’re going to OK it…

by SamuelAdams

3/18/2026 at 3:10:56 PM

Basically exactly what my org did. The momentum of being a Microsoft shop is hard to fight against.

by yoyohello13

3/18/2026 at 5:25:53 PM

> These highlights were written by the reporters and editors who worked on this story.

It's unfortunate that people have to claim the authenticity, rather than the users of AI having to disclose use of AI/LLM. I wish it was the other way around.

by gurjeet

3/18/2026 at 2:26:49 PM

Wow, Microsoft is really pushing the wrong boundaries in every direction, isn't it? Executives must be thinking, like many before them, that Microsoft is too big to fail.

by robtherobber

3/18/2026 at 2:42:55 PM

Executives only react to share price movements. If share prices are high because whatever investors think, then execs will just open another champagne bottle.

Steve Jobs was the last tech CEO who didn't care about wall street and only care about quality products and consumers saying that if customers are happy, then the share price will take care of itself. But most companies are share price first, customer later.

by joe_mamba

3/18/2026 at 3:22:13 PM

Is this just a case of MS needing to merge a lot of platforms, and there are gaps and overlaps.?

Maybe the critical question, are they making continuing improvements? Especially to merge conflicting functions.

Like when they bought Minecraft, or Skype. Each already had user management. Xbox was a mess. Merging them all took a lot of years.

by FrustratedMonky

3/18/2026 at 3:21:00 PM

Given the scale and scope of the Federal Government. what are the alternatives to Microsoft?

Building in house.

Outsourcing to consultants.

by brudgers

3/18/2026 at 4:27:28 PM

I think there's some context missing here. For those who don't remember, the CIA back in like 2014 or so built out private data centers with classified versions of AWS services and all IC workloads that don't require specialized hardware was supposed to be using. DOD historically used it as well for classified cloud workloads, but wanted its own, and this was the JEDI contract, which was also supposed to go to Amazon, until Trump got into a fight with Jeff Bezos in 2019, canceled the contract, and awarded it to Microsoft instead. Amazon sued, and Biden decided to just award the contract to everyone and split it between all the major cloud vendors. That still doesn't mean anyone can actually use it without FedRAMP approval, but well, there you go.

The alternative was AWS, which has been operating at every classification level for over a decade at this point. It's now split between Amazon, Microsoft, Oracle, and Google, which is especially amusing because Google withdrew from the original bid process when they were still pretending to give a shit that their employees don't like working for the military.

by nonameiguess

3/18/2026 at 4:16:29 PM

IBM? Redhat?

by realo

3/18/2026 at 2:14:21 PM

The original title is:

> Federal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway.

by hn_acker

3/18/2026 at 4:00:10 PM

This fits perfectly with traditional Microsoft strategies of getting a foot in the door and then having the users’ internal pressure on the organization to help get the Microsoft product established.

Decades ago, Lotus 1-2-3 on top of MSDOS was the lever; today it’s GCC High.

by shrubble

3/18/2026 at 4:08:00 PM

Microsoft has been selling piles of shit since the beginning of time. The fact that they keep selling is the biggest triumph of sales/marketing over decent engineering.

by sam-cop-vimes

3/18/2026 at 2:46:30 PM

I think plenty of software is a pile of shit and still derive value from it.

by Eridrus

3/18/2026 at 2:57:51 PM

Exactly, better the pile of shit you know than the pile of shit you don’t know - or the pile of shit that is u knowable.

by mock-possum

3/18/2026 at 3:14:23 PM

Yeah I'd go so far as to say that most useful software is "bad" in some way.

by snovymgodym

3/18/2026 at 7:45:56 PM

Worse is Better

by Y_Y

3/19/2026 at 1:57:10 AM

So, Microsoft products still are a garbage fire in March 2026. Fully aligned with the expectations

by captain_coffee

3/18/2026 at 3:55:13 PM

A rigged RFP, and some very happy lobbyists, chortling into their single malt all the way to the bank.

by SanjayMehta

3/18/2026 at 3:53:49 PM

the product got deployed across the government while the security review was still in progress. then fedramp approved it because it was already everywhere. seem like i saw a lobbyist or two with a broom sweeping something under a rug...

by kevincloudsec

3/18/2026 at 8:09:33 PM

when someone says they work at meta, they get weird looks, but no one assumes they're incompetent

when someone says they work at microsoft, they get weird looks, and people assume they're incompetent

by stainablesteel

3/18/2026 at 5:44:20 PM

Yeah, but this is how things work at that level.

Microsoft can be abhorrent. They will always get the contracts. Why? Corporate welfare.

Microsoft will drive the rules. Why? Too big to fail.

Microsoft will push their slop. Why? Cause they have contractors after contractors in the federal government pushing MS solutions. Doesnt matter if they're bad.

And, who'd pay for a 3PAO audit of a Linux distro? Ubuntu and Redhat have. Its a $120k moat.

by mystraline

3/18/2026 at 3:18:17 PM

Maybe the gaps are a frature or benefit at the same time.

by j45

3/18/2026 at 3:39:21 PM

its as funny as the IA research reports from DORA dev which all seem to be sponsored AI provider ads instead....

by fredgrott

3/18/2026 at 4:59:00 PM

A pile of shit you have leverage over is better than a pile of diamonds you don’t.

by gffrd

3/18/2026 at 5:26:12 PM

Microsoft is great at greasing palms

by franktankbank

3/18/2026 at 5:13:31 PM

okay what the hell is a "cyber expert"?

by babypuncher

3/18/2026 at 7:10:22 PM

Although "cyber" is a prefix used to denote a relationship to high technology there exist people who use it as a stand-alone term to mean "cybersecurity", e.g. "I work in cyber." It's very confusing given that it came from the word "cybernetic", the hundreds of other words that begin with it as well, and the existence of the term "cybersec" which is unambiguous and only a bit longer.

by alexjplant

3/19/2026 at 6:42:42 AM

The title says for me 'Federal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway.'

No editorializing guys! :)

by xyzal

3/18/2026 at 6:56:31 PM

Just like everyone else tasked with buying Microsoft

by rukuu001

3/18/2026 at 8:33:05 PM

So which is the most consistent cloud offering, that doesn't seem like a bunch of disparate services loosely wired together? GCP? AWS?

by GeoSys

3/18/2026 at 6:25:37 PM

all clouds are.

by riffic

3/18/2026 at 3:24:25 PM

Exactly, and that is the moat- a pile of shit that everyone can smell from afar.

by dwa3592

3/18/2026 at 6:16:26 PM

Is there a big cloud platform that isn't a pile of shit?

by DeathArrow

3/18/2026 at 5:11:59 PM

I mean, they also bought the F-35.

by Arubis

3/19/2026 at 4:24:02 AM

In all fairness, the F-35 does what it says on the tin. Azure doesn't. That you bring this up says a lot more about you than government purchasing.

by hunterpayne

3/20/2026 at 3:30:14 PM

It does _now_, since the deliverable capabilities and pricing changed well after the ink on the contracts was dry. The F35 program was picked over by experts and denounced internally, but went forward as a purchase anyway.

by Arubis

3/18/2026 at 11:19:32 PM

It sucks so bad to be a software dev today. We simultaneously have to worry about:

- Market monopolies reducing options/leverage

- Outsourcing

- AI automation

- Complexity explosion

These days, every company which has money is using some horrible clunky platform/infra and we spend 99% of our time just working around limitations of those platforms; Problems which were created artificially and don't need to exist... And at the same time we're expected to meet deadlines while almost all of the challenges we face involve certain critical aspects that are totally outside of our control and require us to wait for someone else to fix stuff while we work around it with some crappy solution and we can't just switch platforms or write it from scatch (which would be easier for a lot of us) because the organization forces us to use a particular platform because of the pretext that they are SOC2 compliant. It's total BS!

Not only we have to worry about threats to our jobs, when you look at who is being rewarded in this industry; it's essentially people who create bloat/unnecessary complexity and build these horrible products.

The industry is full of horrible products that everyone uses. There is no incentive for software engineers to be competent because look at what the market rewards!

This in turn affects organization politics; everyone who has some leverage over the platforms is (at least subconsciously) looking for ways to sabotage the tech to maximize billable hours to fix it later... Fixing the platform is their bread and butter so of course they never want to fix it completely. Anyone who tries to do the right thing runs into issues with managers for missing deadlines which they have ZERO control over due to underlying constraints of the platforms they are forced to use. The people 'maintaining' the platforms don't have deadlines do they? They can keep making money from the shit they produce by ensuring they stay shitty and ensuring that the people who actually have deadlines and actually try to get stuff done can't meet them!

by jongjong

3/20/2026 at 7:19:01 AM

[dead]

by Areena_28

3/19/2026 at 1:54:09 PM

[dead]

by maxothex

3/18/2026 at 4:02:36 PM

[dead]

by robutsume

3/18/2026 at 7:05:02 PM

[dead]

by bigfatkitten

3/18/2026 at 7:29:34 PM

[dead]

by natas

3/19/2026 at 1:21:33 AM

[dead]

by HBARLARI91

3/18/2026 at 9:03:24 PM

[dead]

by NandinoAI37

3/18/2026 at 6:15:43 PM

[dead]

by wsesamemr81

3/18/2026 at 5:07:58 PM

[dead]

by Heer_J

3/18/2026 at 3:39:42 PM

[flagged]

by pissedoffadmin

3/18/2026 at 3:39:26 PM

[flagged]

by pissedoffadmin

3/19/2026 at 12:11:14 AM

[flagged]

by jamesvzb

3/18/2026 at 9:17:20 PM

[flagged]

by davidliu847386

3/18/2026 at 3:01:28 PM

The government does most things poorly and with little regard to budget or quality. They can't solve problems that are much simpler than cloud computing, so why should I expect them to perform better at a more complex problem?

by ddtaylor

3/18/2026 at 3:12:36 PM

Sure. Your average private corporation would do much better at sanely evaluating Microsoft's cloud, and sanely acting on that evaluation.

Right.

You bet.

Absolutely.

by Hizonner

3/18/2026 at 8:18:45 PM

Nope neither the public entity nor the private corporation... it should be the market. WE decide with our business who is worthy, or not. Nice try, comrade!

by ContDestroyer

3/18/2026 at 8:28:37 PM

Fascinating.

Enlighten me further. How exactly will "the market" decide where the government, or a corporation, or even an individual, chooses to buy computing services? I'm very stupid, so you're going to have to explain step by step exactly how "the market" will do this. I mean, here I thought that choices like that were the inputs to the market.

Let's do it for the corporations first. I'm Microsoft. I need the market to decide for me where I should buy motherboards for my cloud data centers. Where do I apply to get "the market" to tell me that?

by Hizonner

3/18/2026 at 8:58:42 PM

You're right that corporations and individuals make those choices... that's exactly my point. Microsoft's procurement team evaluating motherboard vendors is the market working. What I'm saying is that process produces better outcomes than a government agency mandating which cloud provider everyone uses. The problem isn't who makes the choice, it's when the choice gets made for you.

by ContDestroyer

3/18/2026 at 9:04:30 PM

Gee, that's nice, but in this case they were deciding which cloud provider the government itself was going to use, not what provider you could use.

by Hizonner

3/18/2026 at 3:44:57 PM

I think this perspective has resolutely been debunked at this point.

The government has historically, routinely, consistently, solved problems more complex than cloud computing.

The only way you'd think otherwise is if you had some other motivation to pretend otherwise... some sort of ideology.

by whoknowsidont

3/19/2026 at 3:03:50 AM

https://news.ycombinator.com/item?id=47434383

by ddtaylor

3/18/2026 at 7:40:19 PM

> The government does most things poorly and with little regard to budget or quality.

That's a common line by conservatives who are actively sabotaging government with policies and laws which they then point to as evidence of such inefficiencies.

by cptskippy

3/19/2026 at 3:02:43 AM

[dead]

by ddtaylor

3/18/2026 at 3:04:10 PM

Basically false. They're better at health care. Better at education. Better at feeding people. Better at charity.

by hiddencost

3/18/2026 at 3:21:05 PM

Theres no need to be THIS cynical.

by MrBuddyCasino

3/18/2026 at 6:12:28 PM

[dead]

by hrmtst93837

3/18/2026 at 8:45:24 PM

[flagged]

by ContDestroyer

3/20/2026 at 8:14:17 AM

Please don't engage in ideological battle on HN. The guidelines make it clear we're trying for curious conversation here. https://news.ycombinator.com/newsguidelines.html

by tomhow

3/19/2026 at 2:57:10 AM

Private schools produce significantly better results that public schools.

Public transport has been disrupted by private transportation options like Uber, Lime, etc.

Public radio and TV is unused by the vast majority of people who use private options daily like streaming services or YouTube.

The public budget is perpetually in shambles and if it was a private company would have had to go bankrupt and cease business by now.

Social security and other support programs are perpetually failing and used as a political wedge.

by ddtaylor

3/18/2026 at 5:31:26 PM

Suddenly everyone on HN is an expert on Azure infrastructure.

it isn't the best but it's really great at a lot of things feature-wise. top-notch documentation as well (despite what these "experts" said).

Most companies literally run on Azure these days. Persistent hackers will get into any network, that's a guarantee, that's APT 101. It's law of averages. If it truly is "a pile of shit" given how it is probably the most used cloud platform by the most customers, including governments, and endless plethora of features and services it offers, shouldn't there be more compromises? 2-3 in a decade is hardly above what you expect for law of averages right?

Screw ups happen, but if it is systemic, you can't use one instance as evidence, you must establish a pattern of mishaps.

by notepad0x90

3/18/2026 at 5:53:52 PM

I ran a one of the largest multi-cloud service across azure, aws and gcp.

Azure was hands down, obvious to everyone involved the worst technically. In capabilities, bugs/correctness, availability and support.

by lokar

3/18/2026 at 10:33:39 PM

I can only speak from the perspective of someone who used/admined in all those 3 environments. I'm surprised you ranked google's support above microsoft. I've also seen bugs that would be unusual in other clouds, but other clouds have other pros/cons as well. GCP for example is capable, but it is tedious to use, and even harder to log/audit.

Of all 3 CSPs azure has the best identity management system. they're the worst in terms of charging for critical security measures that should be free, but when you pay for it, none of the other providers even come close to that capability.

The main reason people use Azure is easy integration. You're probably right when it comes to availability, no argument there, except maybe how AWS region outages seem to be a bi-annual holiday.

In practical terms, different CSPs might annoy people differently, but availability aside, I think they all suck in their own special way from a user experience perspective. AWS had to recently tell their devs/engs to have a senior dev review their vibe code because of all the outages it was causing.

by notepad0x90

3/18/2026 at 11:29:23 PM

The GCP support was fine, not great. For specific problems that you could provide data for and ideally a reproduction they were very good. But if you had feedback or concerns about how something was designed, or a missing feature they were useless (all of support, sales and product)

by lokar

3/19/2026 at 3:51:35 AM

Thanks, sounds about right. In my experience too, they're ok, but not great at "hand holding", for better or worse.

by notepad0x90