The feds are investigating Microsoft’s bundling practices

The Federal Trade Commission is investigating Microsoft in a wide-ranging investigation that will examine whether the company’s business practices run afoul of antitrust laws, according to people familiar with the matter. In recent weeks, FTC lawyers have been conducting interviews and setting up meetings with Microsoft’s competitors.

One key area of ​​interest is how the world’s largest software vendor bundles popular Office products together with cybersecurity and cloud computing services, said one of the people, who spoke on condition of anonymity to discuss a confidential matter.

This so-called bundling was subject to a recent ProPublica investigationwhich details how, starting in 2021, Microsoft used the practice to greatly expand its business with the US government while pushing competitors away from lucrative federal contracts.

At the time, many federal employees used a software license that included the Windows operating system and products such as Word, Outlook, and Excel. In the wake of several devastating cyberattacks, Microsoft has offered to upgrade these license packs for free for a limited time, giving the government access to its more advanced cybersecurity products. The company also provided consultants to install the upgrades.

Huge swaths of the federal bureaucracy adopted, including all military services in the Department of Defense — and then began paying for these enhanced services when the free trial period ended. Former sales leaders involved in the effort likened it to a drug dealer wooing consumers with free samples because they knew federal customers would effectively be locked into the upgrades once they were installed. Microsoft’s offering not only displaced some existing cybersecurity vendors, but also took market share from cloud providers such as Amazon Web Services as the government began using products that run on Azure, Microsoft’s own cloud platform.

Some experts told ProPublica that the company’s tactics may have violated laws governing collusion and competition, and the news organization reported that even some of Microsoft’s own lawyers have antitrust concerns about the deals.

Microsoft said its offer was “structured to avoid antitrust concerns.” “The company’s sole purpose during this period was to support an urgent request by the administration to improve the security posture of federal agencies that were constantly under attack from sophisticated threats from nation states,” Steve Fael, head of security for Microsoft’s federal business , ProPublica said.

Some of these hacks were the result of Microsoft security flaws. As ProPublica reported in June, Russian state-sponsored hackers in the so-called SolarWinds attack exploits a weakness in a Microsoft product for stealing sensitive data from the National Nuclear Security Administration and the National Institutes of Health, among other victims. Years before the attack was discovered, a Microsoft engineer warned product leaders about the flaw, but they refused to address it for fear of alienating the federal government and losing ground to competitors, ProPublica reported.

While the engineer’s proposed fix would have kept customers safe, it would also have created a “speed bump” for users logging into their devices. The addition of such “rubbing” was unacceptable to managers of the product group, which at the time was in a fierce rivalry with competitors in the market for so-called identity tools, the news organization reported. These tools, which ensure that users have permission to log into cloud programs, are important to Microsoft’s business strategy because they often lead to demand for the company’s other cloud services.

One such identity product, Entra ID, formerly known as Azure Active Directory, is another focus of the agency’s investigation, according to a person familiar with the FTC’s probe.

Microsoft defended its decision not to address the SolarWinds issue, telling ProPublica in June that the company’s assessment included “multiple reviews” at the time and that its response to the security issues was based on “potential disruption to customers , usability and mitigation measures available’. ” He promised to put security “above all else”.

The Federal Trade Commission is viewing the fact that Microsoft won more federal business despite leaving the government vulnerable to hacks as an example of the company’s problematic power over the market, a person familiar with the investigation told the news organization.

The Commission is not alone in this opinion. “These guys are sort of a version of ‘too big to fail,'” said Sen. Ron Wyden, Democrat of Oregon, who chairs the Senate Finance Committee and a longtime critic of Microsoft. “I think it’s time to strengthen the antitrust side of the house by addressing antitrust abuses.”

The FTC’s investigation of Microsoft, which was first reported by Financial Times and Bloombergis far from the company’s first run-in with federal antitrust regulators. More than two decades ago, the Justice Department sued the company in a landmark antitrust case that nearly brought it down. Federal prosecutors alleged that Microsoft maintained an illegal monopoly in the operating system market through anticompetitive behavior that prevented competitors from gaining a foothold. The Justice Department eventually settled with Microsoft, and a federal judge approved a consent decree which imposed restrictions on how the company could develop and license software.

John Lopatka, a former FTC consultant who now teaching of antitrust law at Penn State, told ProPublica that Microsoft’s actions, detailed in the news organization’s recent reports, follow a “very familiar pattern” of behavior.

“It really mirrors the Microsoft case” decades ago, said Lopatka, who co-authored a book on the case.

In the new investigation, the FTC sent Microsoft a civil investigation request, the agency’s version of a subpoena, forcing the company to turn over information, people familiar with the investigation said. Microsoft has confirmed that it has received the document.

Company spokesman David Cuddy would not comment on the specifics of the investigation, but said the FTC’s request was “broad, sweeping and requires things that are beyond the realm of possibility to even be logical.” He declined to provide protocol examples. The FTC declined to comment.

The agency’s investigation follows a public comment period in 2023 during which it sought input on the business practices of cloud providers. When that ended, the FTC said it remained interested in whether “determined business practices impede competition.’

The recent request to Microsoft represents one of FTC Commissioner Lina Hahn’s latest moves as chair, and the investigation appears to be gathering momentum as the Biden administration winds down. However, the commission’s new leadership will decide the future of the investigation.

President-elect Donald Trump said this month he would nominate Commissioner Andrew Ferguson, a Republican lawyer, to lead the agency. After the Ferguson announcement said in a post by X“We at the FTC will end Big Tech’s vendetta against competition and free speech. We will make America a global technology leader and the best place for innovators to bring new ideas to life.”

Trump also said he would nominate Republican attorney Mark Meador as commissioner, describing him as a “antitrust authority” who previously worked at the FTC and the Department of Justice. Meador is also a former aide to Sen. Mike Lee, Republican of Utah, who introduced legislation to break up Google.