Summary
How the tech giant's AI ambitions, cloud dominance, and security failures sparked the most comprehensive federal probe since the 1990s
Twenty-five years after nearly being broken up by the US government, Microsoft faces another major federal antitrust investigation. The stakes are far higher now, the scope far broader, and the implications stretch from artificial intelligence and cloud computing to national security and critical infrastructure.
The FTC’s probe into Microsoft spans AI, cloud dominance, bundling, and national security—its broadest case since the 1990s.
The Federal Trade Commission has launched what may be the most comprehensive investigation into Microsoft Corporation since the landmark 1990s case that reshaped the tech industry. Unlike that earlier probe, which focused primarily on web browsers and desktop software, today's investigation spans the company's entire ecosystem: its dominance in cloud computing, its aggressive bundling of productivity software with security services, its multi-billion-dollar partnership with OpenAI, and a series of devastating cybersecurity breaches that have compromised US government agencies.
The investigation has persisted across political administrations. First reported by Bloomberg in November 2024, it was launched in the final weeks of the Biden presidency under FTC Chair Lina Khan. The probe has not only survived but intensified under Donald Trump's appointee, Andrew Ferguson, who has declared big tech enforcement a top priority of his tenure.
The Investigation Continues
The formal investigation began in November 2024, when Khan signed off on a sprawling civil investigative demand spanning hundreds of pages. The document, obtained and reviewed by Bloomberg, compels Microsoft to turn over nearly a decade of data about its operations, from 2016 through 2025.
Federal investigators are seeking detailed information about Microsoft's AI operations, including the costs associated with training models and acquiring training data. They're looking into the firm's data centres, its struggles to meet customer demand for computing power, and its software licensing practices. Most significantly, they're scrutinising Microsoft's relationship with OpenAI, particularly whether the partnership was structured to avoid merger review requirements.
🖐 Gain insights into pricing strategies. Discover how: Pricing Research and Pricing Metrics.
The FTC is examining Microsoft's practice of bundling its Office productivity suite with cybersecurity and cloud computing tools, a strategy that has helped the company secure billions of dollars in government contracts while potentially excluding competitors. They're also investigating licensing restrictions that allegedly make it punitive for customers to move data from Microsoft's Azure cloud platform to competing platforms.
Microsoft's current actions follow "a very familiar pattern" that "echoes the Microsoft case" from decades ago, according to John Lopatka, an antitrust law professor at Penn State who served as a consultant during the 1990s investigation.
When Politics Don't Matter
Perhaps the most remarkable aspect of this investigation is how it has transcended partisan politics. When Ferguson took over as FTC Chair in January 2025, replacing the progressive Khan, many expected a softer approach toward big tech. Instead, Ferguson has doubled down.
In March 2025, Ferguson confirmed that "big tech is one of the main priorities of the Trump-Vance FTC." Bloomberg reported that FTC staff continued working on the investigation under his leadership. He appointed Daniel Guarnera, a former Department of Justice antitrust lawyer who worked on high-profile cases against Google and Apple, as his new head of competition.
Leadership change didn’t slow the probe: under Ferguson, enforcement priority stayed high and industry outreach continued.
The investigation has continued unabated under Ferguson's leadership. FTC staff have kept working on the probe, meeting with companies and other groups to gather information, according to people familiar with the matter. One company told Bloomberg it has "heard regularly from the FTC" about Microsoft's licensing practices since the demand was sent.
Both Republican and Democratic officials worry about Microsoft's market power, explaining why the investigation has survived the change in administrations.
The Bundling Problem That Started It All
At the heart of the FTC's concerns lies a practice as old as Microsoft itself: bundling. Just as the company once faced scrutiny for tying Internet Explorer to Windows, today's investigation focuses on how Microsoft packages its Office productivity suite with cybersecurity and cloud services.
Bundling has proved effective, particularly in securing government contracts. A ProPublica investigation detailed how, beginning in 2021, Microsoft used this practice to vastly expand its business with the US government while excluding competitors from lucrative federal contracts.
Bundling familiar Office tools with cloud and security services locks government buyers deeper into Microsoft’s ecosystem.
Many federal employees already use software licences that include Windows, Word, Outlook, and Excel. When Microsoft began bundling these familiar products with Microsoft Entra ID (formerly Azure Active Directory) and other cloud services, government agencies found it easier and cheaper to stick with Microsoft rather than cobble together solutions from multiple vendors.
The FTC is examining whether this bundling violates antitrust laws by using Microsoft's dominance in productivity software to gain unfair advantages in cloud computing and cybersecurity markets. The agency is particularly interested in how the company structures licensing to make it difficult and expensive for customers to switch to competitors.
🖐 Secure better terms and mitigate lock-in. Learn more: Microsoft Azure Contract Negotiation.
The OpenAI Entanglement
Microsoft's relationship with OpenAI has drawn intense scrutiny. What began as a $1 billion investment in 2019 has grown into a multi-billion-dollar partnership that has affected both companies and given Microsoft a major position in the AI market.
The FTC's investigation is examining whether this partnership amounts to an undisclosed merger that should have been subject to antitrust review. Microsoft didn't disclose its investment to competition regulators, and the FTC also has been questioning whether the deal was structured as a partnership to avoid a merger investigation.
Microsoft's total investment in OpenAI has reportedly exceeded $13 billion, giving it an exclusive license to OpenAI's technology and deep integration into its products. In 2023, just one month after investing an additional $10 billion, Microsoft began rolling out ChatGPT-powered features across its entire product suite, from Bing search to Office applications.
Microsoft’s $13B OpenAI deal gives it exclusive tech access—raising merger and competition concerns.
The FTC is also looking at something more troubling: Microsoft's decision to scale back its own AI research after partnering with OpenAI. Internal documents show that the company began cutting funding for its own AI development projects, reducing competition in the field.
Regulators want to know whether profits from Microsoft's other business segments give it an unfair edge over AI competitors. Unlike pure-play AI companies that must secure external funding, Microsoft can subsidise its AI investments with revenue from Windows, Office, and Azure.
Security Failures Draw Government Scrutiny
Several major cybersecurity breaches have made the FTC investigation more urgent, exposing the risks of over-reliance on Microsoft products for critical government functions.
The serious incident occurred in July 2023, when Chinese cyberspies targeted State Department and Commerce Department officials through Microsoft email services. The breach was so severe that it prompted a comprehensive review by the Cyber Safety Review Board, which concluded that "Microsoft's security culture was inadequate and requires an overhaul."
A separate 2024 incident saw Kremlin-linked hackers access federal agency emails via Microsoft systems. These breaches have raised fundamental questions about the wisdom of concentrating so much critical infrastructure in the hands of a single vendor.
Major breaches show how government reliance on Microsoft has turned into a national security liability.
The security concerns escalated in September 2025, when Senator Ron Wyden sent a sharp letter to FTC Chair Ferguson calling for an investigation of Microsoft's "gross cybersecurity negligence." Wyden cited the company's role in the 2024 Ascension Health ransomware attack that affected 5.6 million people.
"Microsoft has become like an arsonist selling firefighting services to their victims," Wyden wrote, highlighting how the company profits from selling cybersecurity services to fix problems in its own insecure software.
The senator's letter detailed how Microsoft continues to support vulnerable RC4 encryption technology despite repeated warnings from security agencies. He noted that Microsoft's de facto monopoly on operating systems means that most organisations have little choice but to accept whatever security settings the company provides.
Microsoft Fights Back
Microsoft has not taken the investigation lying down. The company has mounted an aggressive response on multiple fronts, challenging both the substance of the probe and the FTC's conduct.
In December 2024, Microsoft formally requested that FTC Inspector General Andrew Katsaros investigate alleged information leaks from the agency. The company claimed it learned of the investigation through media reports rather than official FTC notification, accusing the agency of "strategically leaking nonpublic information" in violation of ethics rules.
Microsoft used the same playbook during the 1990s investigation, when the company aggressively challenged government conduct while cooperating with the formal legal process. Today, the company is attempting to narrow the scope of information being requested.
Microsoft isn't just complaining about procedure. The company wants to undermine the FTC's credibility and cast doubt on the investigation's integrity. Microsoft has filed formal requests for investigation and claims the FTC violated its own guidelines, stating "existence of an FTC investigation is nonpublic information." The company has cited the FTC Inspector General's report, noting "steadily increasing" unauthorised disclosures during Khan's tenure.
Corporate VP and Deputy General Counsel Rima Alaily is leading Microsoft's regulatory response, coordinating a strategy that combines public cooperation with private resistance.
The Broader Tech Landscape
The Microsoft investigation comes as the FTC pursues multiple antitrust cases against big tech companies. The FTC is simultaneously pursuing cases against Meta Platforms and Amazon, while the Department of Justice has major ongoing cases against Google and Apple.
The Microsoft case is unique in several respects. Unlike other big tech investigations that focus on specific markets or practices, this probe examines traditional antitrust concerns about bundling and market dominance, cutting-edge issues around AI partnerships and data portability, and national security questions about cybersecurity and government dependency.
Unlike other big tech cases, the Microsoft probe spans bundling, AI, data portability, and national security.
Microsoft's business model has changed since the 1990s. Where the company once relied primarily on selling software licences, it now operates a vast ecosystem of interconnected services. Regulators find it harder to identify specific harmful practices, but also potentially more damaging to competition when problems are found.
Ferguson's FTC has inherited several cases against big tech companies from Khan, including lawsuits against Meta Platforms and Amazon. While Ferguson has promised to provide "regulatory certainty," he has also made clear that this doesn't mean backing down from big tech enforcement. His appointment of Guarnera, a veteran prosecutor with experience in major tech cases, signals continuity rather than retreat.
Looking Back: The 1990s Parallel
The current investigation inevitably invites comparisons to the landmark 1998-2001 antitrust case that nearly broke up Microsoft. The parallels are striking: bundling practices, competitor complaints, concerns about government dependency, and Microsoft's aggressive response strategy.
In that earlier case, the government alleged that Microsoft maintained an illegal monopoly by bundling Internet Explorer with Windows, preventing competitors like Netscape from gaining market share. Judge Thomas Penfield Jackson initially ordered Microsoft to be split into two companies, though this remedy was later overturned on appeal.
Today’s Microsoft case echoes the 1990s—but with far higher stakes across AI, cloud, and national security.
The case eventually ended in a 2002 settlement that imposed conduct restrictions rather than structural changes. Microsoft agreed to share its application programming interfaces with third-party companies and submit to ongoing monitoring.
Today's investigation raises similar questions but with far higher stakes. Microsoft's influence extends far beyond desktop computing to encompass cloud infrastructure, artificial intelligence, and critical government systems. A 2002-style settlement might not be sufficient to address current concerns about market concentration and national security.
The National Security Dimension
What distinguishes today's investigation from the 1990s case is the prominent role of national security concerns. Microsoft's products are deeply embedded in US government operations, from Department of Defense contractors to state department communications systems.
The series of high-profile breaches has exposed the risks of this concentration. When Chinese hackers compromised Microsoft's email services, they gained access to communications from senior government officials. When Russian operatives infiltrated Microsoft systems, they could read federal agency emails.
National security now defines the FTC’s Microsoft case—breaches show the risks of over-reliance on one vendor.
A separate 2024 incident saw Kremlin-linked hackers access federal agency emails via Microsoft systems. Officials now question whether the government relies too heavily on Microsoft for critical systems. The FTC's November 2023 report warned that cloud market concentration could have widespread economic effects.
Congressional pressure has intensified these concerns. Senator Wyden's recent letter to Ferguson is just the latest in a series of interventions by lawmakers worried about Microsoft's dual role as both a source of cybersecurity problems and a vendor of cybersecurity solutions.
Industry Impact and Stakeholder Views
Microsoft's competitors and partners are watching the investigation closely. If the FTC forces changes to Microsoft's business practices, other major tech companies will have to change how they operate, too.
The FTC’s case against Microsoft could reshape the broader tech ecosystem—from rivals to government buyers.
Google has emerged as one of Microsoft's most vocal critics, filing a European Commission complaint in September 2024 over Microsoft's cloud licensing practices. Other cloud providers have reportedly provided information to FTC investigators about Microsoft's competitive practices.
Government agencies that have invested heavily in Microsoft's ecosystem may have to diversify their technology suppliers if regulators conclude that concentration poses unacceptable risks.
Microsoft is investing billions in AI infrastructure and partnerships just as regulators question whether these investments comply with antitrust laws. The company's stock price has remained relatively stable, suggesting investors believe Microsoft can navigate the regulatory challenges, but the investigation creates uncertainty about the company's future strategy.
What Comes Next
Wide-ranging antitrust investigations typically take two to three years to complete, and there's no guarantee they will result in formal charges or settlements. The FTC could ultimately conclude that Microsoft's practices don't violate antitrust laws, or it could pursue remedies ranging from conduct restrictions to structural changes.
The scope of the current investigation shows regulators are preparing major action against Microsoft. The FTC could require Microsoft to modify its licensing terms, separate productivity software from cloud services, improve data portability for customers, or enhance cybersecurity standards for government contractors.
Possible FTC remedies include separating Microsoft’s software and cloud, easing data portability, and tightening security standards.
The political calendar complicates matters further. While Ferguson has committed to vigorous big tech enforcement, the 2028 election cycle could bring new leadership with different priorities. But Microsoft's market dominance worries politicians from both parties, so the investigation will likely continue regardless of political changes.
The Information Gap
As of September 2025, there has been a notable lack of public reporting on the investigation's progress since March. The silence has three likely explanations: the investigation is proceeding confidentially, the FTC has stopped the leaks that plagued the initial disclosure, or investigators are simply digesting the massive amount of information they've gathered.
Senator Wyden's September letter is the most significant recent development, adding cybersecurity concerns to the existing antitrust allegations. His characterisation of Microsoft as "an arsonist selling firefighting services" captures the broader frustration with the company's role in both creating and profiting from cybersecurity problems.
The Stakes
If regulators conclude that Microsoft's bundling practices violate antitrust laws, other major tech companies may have to change how they structure their products and pricing.
The case will test whether antitrust law can keep pace with the rapid evolution of technology markets. Antitrust law was written for old-school industrial monopolies, not tech giants that run critical digital infrastructure.
Regulators face a dilemma. Break up Microsoft or force major changes, and they might disrupt critical government systems. But let Microsoft keep its current dominance, and the security problems will likely get worse.
Microsoft could emerge stronger if it successfully defends its business model, gaining greater regulatory certainty. But the investigation will likely continue for years, creating ongoing uncertainty for the company.
🖐 Protect your organisation against Microsoft’s tactics. Explore: Microsoft Audit Defense.
The Broader Questions
How much market concentration is too much? When does innovation-driven growth become anticompetitive dominance? How should regulators balance efficiency against competition in evolving markets?
These questions don't have easy answers. Microsoft's defenders argue that the company's success reflects superior products and legitimate business strategies. But once customers get locked into Microsoft's ecosystem, switching to competitors becomes expensive and difficult.
Technology companies compete globally. While US regulators focus on domestic market effects, Microsoft competes against Chinese and European rivals in a complex international marketplace. Aggressive enforcement might weaken US technology companies against foreign competitors.
Looking Forward
Microsoft must defend its business model while adapting to new regulatory requirements. The company has survived major antitrust challenges before, but today's technology landscape is far more complex than it was in the 1990s. CEO Satya Nadella has overseen Microsoft's transformation into a cloud and AI powerhouse, but now must deal with this regulatory scrutiny.
Ferguson has said his FTC will pursue vigorous antitrust enforcement while providing greater regulatory clarity than its predecessor. The Republican chair, who previously served as Virginia Solicitor General, wants tech companies to know what they can and can't do.
For now, the investigation continues in relative quiet, with career FTC attorneys gathering information and building their case.
Unlike the 1990s browser case, today’s probe targets Microsoft’s role in AI, cloud, and critical infrastructure.
The ghost of the 1990s Microsoft case still looms over Redmond, but today's investigation covers artificial intelligence, cloud infrastructure security, and competition in tech markets—far more than web browsers and desktop software. The outcome will affect how major tech companies structure their businesses and could influence America's competitive position in key technologies like AI and cloud computing.