Microsoft has launched a formal investigation into reports that Israel’s military intelligence unit used the company’s cloud platform, Azure, to store large volumes of intercepted phone calls from Palestinians. The probe follows reporting by The Guardian, +972 Magazine, and Local Call alleging that Unit 8200 placed millions of recordings from Gaza and the West Bank on Azure and that those recordings were used to identify targets.
What the Allegations Say About Unit 8200 and Azure
Several media outlets reported that leaked documents and anonymous sources show Unit 8200 used Azure to retain recordings of Palestinian phone calls. The reports say those call records were then available to analysts to help identify targets for military action.
The Guardian said it reviewed leaked files that, according to the outlet, showed senior executives were informed of plans to store classified or sensitive material in Azure as far back as late 2021. The reporting attributes specific operational details to unnamed sources and to the leaked files. Microsoft has disputed some of the reporting and said it does not know what customers store in its cloud environments.
Microsoft’s Statement and Contractual Prohibitions
Microsoft issued a statement saying that using Azure “for the storage of data files of phone calls obtained through broad or mass surveillance of civilians in Gaza and the West Bank” would violate Azure’s terms of service. The company said it is opening a second review because of concerns that customers may have concealed material facts about how they used Azure.
A Microsoft spokesperson said the company will examine commercial agreements with the Israeli military and that the review will look at whether any usage contravened contractual or policy terms. Microsoft added it will publish the factual findings from the inquiry when the review is complete.
What Microsoft Previously Investigated and Why it Re-Opened the Case
Microsoft previously conducted an internal review after similar allegations emerged. That earlier inquiry concluded there was no evidence that Azure had been used to target or harm people in Gaza and that no terms-of-service violations had been found. The company says the new review was prompted by fresh reporting and concerns that relevant information may not have been disclosed to Microsoft earlier.
The new investigation will revisit past conclusions and probe commercial arrangements, data access controls, and whether any contractual terms or policy commitments were breached.
The leaked-file coverage reviewed by The Guardian alleges that some senior leaders, including the chief executive, were briefed about Unit 8200’s plans in late 2021. Microsoft has pushed back on that characterization, stating publicly that it was not aware of the specific uses described in the reports and that the company does not control what customers place on Azure.
Microsoft’s public position is that it enforces strict terms of service and that mass surveillance of civilians would be prohibited under those terms.
The reporting has intensified questions around cloud customers’ uses of third-party infrastructure and the limits of provider oversight. Microsoft’s inquiry is expected to examine whether contractual safeguards and audit rights were sufficient, and whether Microsoft was given full information when the commercial relationship began or evolved.
The company has said it will share what it finds. Until the investigation is complete, Microsoft and the Israeli authorities have not provided additional public detail about contracts, access controls, or how data was or was not managed.
Microsoft has retained the right to act on any contractual breaches it uncovers. The company said it will publish factual findings from the review once it completes its work. Independent experts and privacy advocates are watching closely for the review’s scope and for any follow-up actions the company might take.
For now, Microsoft’s statement limits itself to reaffirming that mass-storage of material obtained through broad surveillance of civilians would violate Azure policy. The company also reiterated its general position that it does not have access to customer data stored in their cloud environment unless required by contract or law.
