Microsoft has ousted Alon Haimovich, the four-year general manager of its Israeli subsidiary, along with several senior governance managers, after an internal investigation concluded this week that Unit 8200 — Israel's military signals intelligence directorate — had violated Microsoft's terms of service by using its Azure cloud platform to store roughly 200 million hours of intercepted Palestinian phone recordings on European servers, raising regulatory exposure for Microsoft under EU law.
The terminations, first reported by Israeli financial newspaper Globes on Tuesday, represent the most senior accountability action taken by a major cloud provider following a government customer's misuse of commercial infrastructure. The Israeli subsidiary has been placed under interim oversight by Microsoft France while a replacement general manager is recruited.
How a 2021 Redmond Meeting Led to 11,500 Terabytes of Intercepted Calls on Dutch Servers
The surveillance arrangement traces to a 2021 meeting at Microsoft's headquarters in Redmond, Washington, between CEO Satya Nadella and Yossi Sariel, then commander of Unit 8200. According to documents reviewed by The Guardian, Nadella agreed to provide Unit 8200 with a dedicated, segregated area within Azure for "sensitive workloads." Haimovich, per the same reporting, attended that meeting and later supervised the resulting relationship.
By 2022, Unit 8200 was using that custom Azure environment to store recordings of Palestinian phone calls from Gaza and the West Bank. By July 2025, the system held approximately 11,500 terabytes of Israeli military data — the equivalent of about 200 million hours of audio — stored primarily in Microsoft's data centers in the Netherlands, with additional data in Ireland. Internally, the project's scale was captured in a unit mantra: "a million calls an hour."
An August 2025 joint investigation by The Guardian, Israeli-Palestinian publication +972 Magazine, and Hebrew-language outlet Local Call, drawing on leaked Microsoft documents and interviews with 11 sources from Microsoft and Israeli military intelligence, brought the arrangement into public view. The reporting found that data from the system was used to inform airstrike targeting, detentions, and blackmail operations. Microsoft says its CEO was not informed that Unit 8200 intended to store intercepted civilian communications when the partnership was established.
Microsoft's Internal Investigation Found Transparency Failures at the Subsidiary Level
The probe, conducted with lawyers from US firm Covington & Burling, found that Microsoft Israel's leadership — including Haimovich and the governance department managers who have also departed — had not been fully transparent with global headquarters about how Israeli defence-affiliated customers were using the Azure platform. Microsoft's global leadership concluded that Unit 8200 had violated its terms of service, which explicitly prohibit use of its technology for mass civilian surveillance.
In September 2025, Microsoft President Brad Smith announced the company would "cease and disable" cloud and AI services to Unit 8200 — the first time a major US technology company had terminated service to the Israeli military since October 2023. The subsequent leadership purge suggests the investigation uncovered conduct the company deemed serious enough to require accountability at the most senior level in-country.
In a departure email to staff, Haimovich made no reference to the investigation but described having turned Israel into "one of Microsoft's fastest-growing markets worldwide." He did not respond to a request for comment from The Guardian.
European Servers Create Potential GDPR Liability — Ireland's Data Regulator Has Received a Formal Complaint
A central concern driving Microsoft's investigation was legal exposure in Europe. Because Unit 8200's surveillance data was stored on Azure servers in the Netherlands and Ireland — both EU jurisdictions — Microsoft faces potential scrutiny under the General Data Protection Regulation (GDPR), which governs the handling of personal data belonging to EU residents and, by extension, data processed within EU borders.
Campaign group Eko has filed a formal complaint with Ireland's Data Protection Commission — the lead GDPR authority for Microsoft, which is headquartered in Dublin — alleging that the company unlawfully processed personal data by enabling Israeli military surveillance. Eko also alleges that, the day after The Guardian's August 2025 report was published, an account linked to the Israeli military requested expanded data-transfer limits on three Azure accounts, followed by a sharp drop in stored data volume — a sequence critics argue was designed to move evidence beyond regulators' reach before a formal inquiry could begin. Microsoft has disputed this characterisation, stating that data transfers are made at customers' discretion and that the transfers did not impede its own investigation.
Enterprise Cloud Customers Now Face Procurement Questions Their Compliance Frameworks Cannot Answer
For IT procurement and legal teams at enterprises, the Microsoft Israel episode surfaces three concrete vulnerabilities in standard cloud compliance postures.
First, acceptable-use enforcement. Microsoft's investigation was triggered not by its own monitoring but by external journalism. Without the Guardian and +972 Magazine investigation, the policy violations may have gone unaddressed indefinitely. Procurement teams relying on contractual prohibitions as a primary control should ask how those prohibitions are monitored in practice.
Second, data residency risk. The use of Dutch and Irish servers to store data collected through Israeli military surveillance illustrates how data residency arrangements can create legal exposure that extends beyond the primary customer. Enterprises sharing infrastructure — even in logically segregated environments — carry indirect risk when a co-tenant's conduct draws regulatory scrutiny.
Third, subsidiary opacity. Microsoft's global leadership concluded that the Israeli subsidiary had withheld material information. Enterprises that have subsidiary or regional-office relationships with major cloud vendors should consider whether their contracts provide adequate visibility into how those relationships are governed locally.
Microsoft's Azure Is Also Central to a Tripling of ICE Surveillance Data Storage Since Mid-2025
The Israeli episode is not an isolated case. A February 2026 investigation by The Guardian, +972 Magazine, and Local Call found that the US Immigration and Customs Enforcement agency (ICE) had more than tripled its Microsoft Azure data storage between July 2025 and January 2026 — from approximately 400 terabytes to roughly 1,400 terabytes — concurrent with a significant escalation in immigration enforcement operations. ICE is deploying Azure AI Video Indexer and Azure Vision for facial recognition and multimedia content analysis.
Microsoft has stated that its contracts with ICE cover standard cloud services and that it does not believe ICE is using Azure for mass civilian surveillance. Critics argue that the distinction between general-purpose cloud infrastructure and active surveillance tooling is contractually convenient but operationally meaningless, given that scalable storage and AI analysis capabilities are what enable the surveillance.
Microsoft Is Seeking to Renew Its Israeli Defence Ministry Contract Later This Year
Despite the leadership removals, Microsoft is reportedly pursuing renewal of its contract with the Israeli Ministry of Defence when it expires later in 2026. Reporting from Globes and The Decoder indicates the ministry is interested in continuing the relationship, though at reduced scale — primarily for desktop applications such as Office and Windows, with large portions of cloud infrastructure having already shifted to Amazon and Google's platforms following the Unit 8200 termination.
Microsoft was excluded from Israel's flagship "Nimbus" cloud contract, which was awarded to Google and Amazon in 2021, and has not agreed to the broad government intelligence-gathering terms that Nimbus entailed. How the company structures any renewed Ministry of Defence arrangement — and what public transparency it provides about the scope of that agreement — will be closely watched by investors, EU regulators, and civil liberties organisations.
Microsoft has declined to issue a detailed public statement on the specific findings of its internal investigation. The company's actions — removing senior leadership and restructuring subsidiary oversight — indicate the violations found were material. Whether further public disclosure follows remains to be seen.
ⓒ 2026 TECHTIMES.com All rights reserved. Do not reproduce without permission.
