Microsoft Tightened Human Rights Controls After the IDF-Azure Review

Microsoft this week tightened its human rights governance for national security clients worldwide, publishing a five-page report that lays out new controls across all its security-agency engagements. The document is the direct product of an internal review triggered by a joint investigation showing that Unit 8200, Israel’s military intelligence agency, had stored recordings of millions of Palestinian phone calls on Azure cloud servers. The new framework governs every government security body using Microsoft’s cloud.

Alon Haimovich, Microsoft Israel’s country general manager, left the company in May after an ethics investigation found his office had not been fully transparent with global headquarters about how the Defense Ministry used its systems. Microsoft Israel, without a replacement general manager, is now administered by Microsoft France.

Microsoft’s Five-Page Policy Rewrite

In its published summary, Microsoft said its factual findings from the review remain unchanged and that the new measures are designed to improve “the effectiveness of our human rights governance” across all security-related engagements. The company’s human rights policy framework explicitly prohibits uses enabling the mass surveillance of civilian populations. That prohibition predated the intelligence agency’s commercial relationship with the Defense Ministry.

• Tighter pre-contract background checks and vetting for national security-related agreements before they are signed
• A reassessment of how security clearances are managed for employees working in markets outside the United States
• Periodic reviews to confirm whether customers comply with acceptable-use policies, with heightened attention when political circumstances shift or a project changes
• New anonymous channels for employees who want to raise concerns about the development or deployment of technologies
• Expanded internal training on human rights governance for staff involved in government and security-agency work

The document was produced by Covington & Burling, the U.S. law firm retained for the review, which examined corporate records, financial statements, contracts, and internal correspondence rather than direct access to the intelligence unit’s data.

From a Seattle Meeting to 11,500 Terabytes

The program at the center of the review traces to November 2021. Yossi Sariel, then-commander of Unit 8200, traveled to Microsoft’s Seattle headquarters to meet with chief executive Satya Nadella. According to leaked internal documents published by the joint investigation by +972 Magazine, Local Call, and the Guardian, Sariel told senior executives he wanted to move up to 70 percent of the intelligence unit’s data, including classified material, into the company’s cloud infrastructure. Microsoft has said it is “not accurate” that Nadella personally endorsed the project, though internal records showed his awareness of the plan. A dedicated team of engineers then built a customized, segregated environment within the platform specifically for the unit’s use.

By 2022, the program was operational. Intelligence sources described its ambition as “a million calls an hour,” meaning the collection and storage of that volume of intercepted Palestinian phone calls daily from Gaza and the West Bank. The unit had turned to Microsoft’s infrastructure after concluding its own servers lacked the capacity, in one source’s phrase, “to bear the weight of an entire population’s phone calls.” Israeli officials had been aware from early in the partnership that housing classified material on European servers carried legal risk; an internal Justice Ministry document warned that a lawsuit involving a major cloud provider “would be particularly harmful to Israel.” Microsoft was excluded from Israel’s “Nimbus” government cloud contract, awarded to Google and Amazon in 2021, meaning the Defense Ministry’s commercial use ran through servers in the Netherlands and Ireland, both under EU jurisdiction.

• 11,500 terabytes of Israeli military data stored on Microsoft servers in the Netherlands by July 2025, per the Guardian and +972 Magazine investigation
• 60 percent higher average monthly cloud consumption by the Israeli military in the six months after the October 7, 2023 Hamas attack compared to the preceding four months, per documents reviewed by Access Now, a digital rights organization
• 64 times higher monthly usage of the platform’s machine-learning tools by the Israeli military by March 2024 versus the September 2023 baseline, same source

Sariel resigned as the unit’s commander in September 2024, over intelligence failures surrounding the October 7 attack. The Guardian and +972 Magazine published their investigation in August 2025. Roughly ten days later, Microsoft opened the formal external review.

What the Review Turned Up in Tel Aviv

The investigation covered more than contract compliance. People familiar with the review told reporters it examined how Microsoft employees in Tel Aviv “experienced conflicting loyalties between their duties to the company and their support for the IDF” after the October 7 attack. Several staff members who had managed projects with the intelligence agency had previously served in it, or continued to serve as reservists.

From 2021, Microsoft engineers had worked directly alongside military intelligence personnel to build the custom cloud infrastructure. Some were themselves veterans of the unit, which, per the investigation, made the technical collaboration “much easier.” A concern raised inside Microsoft’s leadership was that some Israel-based employees may have concealed information about the program’s scope during the first external review, completed in May 2025, which had concluded there was “no evidence to date” that the platform was being used to target or harm people in Gaza.

The August 2025 Guardian and +972 Magazine investigation changed that picture. Microsoft’s notification to the Defense Ministry, cited by the Guardian, confirmed the company had found evidence “supporting elements” of the reporting, specifically around cloud storage consumption in the Netherlands. Covington & Burling’s assessment was the second external review Microsoft had commissioned; the gap between the first review’s conclusions and what the investigation revealed prompted examination by legal analysts of how tech companies govern classified clients in conflict zones.

The review also concluded that the Israeli subsidiary had not been forthcoming with Redmond about the full scope of the relationship. Per sources cited by Globes, Israel’s financial daily, that conduct exposed Microsoft to legal and regulatory risk in Europe, where the military’s surveillance data sat on servers under EU jurisdiction.

Microsoft Israel, Now Managed from Paris

In late May, Microsoft announced Haimovich’s departure without giving a reason publicly. Per Globes, an investigation team from Redmond had arrived in Israel weeks before the announcement, focused on the sales department handling the Defense Ministry relationship and on whether the branch had operated with full transparency toward headquarters. Several managers in Microsoft Israel’s governance department also left. The investigation found conduct the company says was not transparent toward global management and that damaged trust in the branch’s leadership, per a source in the Israeli software market cited by Globes.

Microsoft has appointed no replacement general manager for the country. Per Globes, global management placed the Israeli subsidiary under the interim authority of Microsoft France. Until the restructuring, Microsoft Israel had reported to the company’s regional management in Dubai. The shift to France concentrates oversight at the European level, where the regulatory exposure from the surveillance data had been most acute.

In a letter to staff, Haimovich described a tenure in which “we built something truly meaningful” and said Israel had been positioned as “one of Microsoft’s fastest-growing markets worldwide.” He said he would pursue “a new professional path” in technology and AI. Microsoft declined to comment on the specific conduct that prompted his departure.

The Services That Stayed

In September 2025, Brad Smith, Microsoft’s vice chairman and president, confirmed the company had “ceased and disabled” specific subscriptions for the intelligence unit’s surveillance program after finding evidence consistent with the investigation.

We do not provide technology to facilitate mass surveillance of civilians. We have applied this principle in every country around the world, and we have insisted on it repeatedly for more than two decades.

Smith issued the statement as the September suspension was announced. The suspension was specific; the broader commercial relationship continued.

Per reporting by +972 Magazine, the intelligence unit moved the suspended surveillance data to Amazon Web Services within days of the termination. Microsoft also acknowledged in its published report that in the weeks after the October 7 attack it provided Israel with limited emergency assistance under “special oversight,” approving some requests and rejecting others. JLens, an investment adviser affiliated with the Anti-Defamation League (ADL), argued in November 2025 that governance changes of this kind risked eroding the platform’s neutrality with government clients; it noted that Microsoft’s Intelligent Cloud segment generated more than $100 billion in fiscal 2025 and that a one-percent drop in contract renewals could mean more than $1 billion in lost revenue.

Why Other Tech Giants Haven’t Moved

Activists demonstrated outside Microsoft’s annual developer conference in San Francisco this week, carrying signs reading “Microsoft funds genocide” and demanding the company cut ties with Israel. The same group, No Azure for Apartheid, had occupied Brad Smith’s office at the Redmond campus in August 2025 and staged protests at a Microsoft data center in Europe.

At the December 2025 annual shareholder meeting, the Religious of the Sacred Heart of Mary, a Catholic women’s organization, led Proposal 9, calling on Microsoft to assess the effectiveness of its human rights due diligence processes. Backed by 58 co-filers and endorsed by proxy adviser Institutional Shareholder Services (ISS, a shareholder voting advisory firm), it received more than 26 percent of votes cast. The board had recommended against it, and more than 70 percent voted no. Norway’s Government Pension Fund Global, one of the world’s largest sovereign wealth funds, was among the backers. Human Rights Watch called on the company in October 2025 to subject its Israeli contracts to close scrutiny, citing “the prolonged nature of the Israeli occupation.”

Microsoft’s peers remain in a different posture. Amazon Web Services, Google, OpenAI, and Palantir have all faced public criticism over contracts with Israeli authorities and technologies deployed in Gaza. In a May 2026 letter to Microsoft leadership, Access Now, the Electronic Frontier Foundation (EFF), Amnesty International, and other organizations called on the company to release its findings and suspend relationships tied to serious human rights abuses. The EFF noted that Microsoft’s competitor companies “have refused to take action” despite mounting evidence of risk. Amnesty International, welcoming the September 2025 suspension, had called it “a strong signal to all companies” facing similar pressure.

Israel’s Defense Ministry is expected to seek renewal of the Microsoft contract at the end of 2026, per Globes, though at a smaller scale; defense computing units have already shifted significant portions of cloud infrastructure to Amazon and Google.