Amazon CISO CJ Moses called out Microsoft over security flaws, delaying the deployment of Microsoft 365 at Amazon for a full year. Moses stated that Microsoft needs to fix a range of security issues, including improving protections against unauthorized access and creating better activity logs.
The decision has sparked mixed reactions in the tech industry. Some praised Amazon for using its influence to push Microsoft, a key competitor, to improve cybersecurity. With $575 billion in annual revenue and nearly 1.6 million employees, Amazon is one of the few companies capable of holding Microsoft accountable.
Others, however, questioned Amazon’s motives, suggesting the move doubles as a promotional strategy for Amazon Web Services (AWS), emphasizing AWS’s security strengths while highlighting Microsoft’s weaknesses.
Moses discussed the matter publicly with Bloomberg, explaining that Amazon’s requests included tools to verify user authorization and track actions in real-time to identify potential security risks. Microsoft’s current system, built from multiple products, uses different protocols that Amazon found inadequate. Moses noted, “We deep-dived into O365 and held it to the same bar as we do for our own services.”
Moses also highlighted his working history with Microsoft’s security EVP, Charlie Bell, who previously spent over two decades at Amazon. Despite the close ties, Microsoft has not commented on Amazon’s decision or detailed critique of Microsoft 365.
For now, Amazon’s deployment pause underscores its high-security standards and its willingness to challenge even the biggest tech players publicly.
