By Nicole Weatherholtz | Monday, March 23, 2026
Two former senior Biden administration officials who played key roles in the Justice Department’s approval and implementation of Microsoft’s government cloud platform now hold top positions at the company, raising concerns after Chinese hackers breached the system.
Former DOJ chief information officer Melinda Rogers and former deputy attorney general Lisa Monaco were both involved in the department’s handling of GCC—the secure cloud product marketed for federal agencies. Public records indicate Rogers is now a partner in Microsoft’s enterprise cloud division, while Monaco serves as the company’s global affairs president.
The developments follow heightened scrutiny over how Microsoft secured and maintained a significant government contract despite auditors raising security concerns. A recent investigation revealed that before Chinese hackers infiltrated GCC, federal officials auditing the product noted Microsoft struggled to demonstrate adequate security measures.
In early 2020, the DOJ adopted GCC after Rogers completed third-party reviews and an internal audit. This decision granted Microsoft a major boost by placing GCC on the government’s official cloud marketplace—effectively providing it with an implicit seal of approval.
Subsequent to adoption, GCC became the focus of disputes with federal auditors, who reported that Microsoft repeatedly failed to provide critical information about its security practices. Additionally, some auditors highlighted conflicts of interest among third-party organizations that initially cleared GCC, as Microsoft paid them.
In 2023, the White House confirmed Chinese state-sponsored hackers infiltrated GCC and accessed emails and other data from high-level officials including the U.S. Commerce Secretary and the ambassador to China. Afterward, auditors informed Microsoft it would need to restart the approval process for full authorization.
According to an anonymous DOJ official, Microsoft’s government cloud point man, John Bergin, pushed the department to “throw around our weight” to secure authorization. During a December meeting with auditors, Bergin argued they should “essentially just accept” GCC’s security claims because the DOJ had already approved it. Rogers, per reports, supported Microsoft and pressured auditors to “get this thing over the line.”
Eric Mill, a former executive director for cloud strategy at the General Services Administration, stated that Rogers was “not willing to put heat on Microsoft” regarding security issues and that the DOJ was “too sympathetic” to Microsoft’s claims.
Despite auditors concluding there was “a lack of confidence in assessing the system’s overall security posture,” Microsoft retained federal authorization for its cloud services.
In a statement, Microsoft defended its hiring of both women, asserting there is “absolutely no connection” between their appointments and any involvement with GCC High approval. The company added it complies fully with all rules regarding former government employees’ employment.
