Unit 8200, Israel's elite signals intelligence corps, built and operated a mass surveillance system atop Microsoft Azure that collected and stored recordings of millions of Palestinian phone calls, using the cloud's near-infinite capacity to power intercepts at a scale the military's own servers could not match. The system, which became operational in 2022, housed a segregated environment in Azure data centers in the Netherlands and Ireland, and—according to a joint investigation by The Guardian, +972 Magazine, and Local Call—its outputs were used to plan airstrikes and justify detentions. Microsoft says an internal and external review found "no evidence to date" that its technology was employed to target or harm people in Gaza. The disclosures land at a moment when commercial hyperscale clouds face uncomfortable questions about their dual-use as infrastructure for modern warfare.
The project's origin stretches back to a 2021 meeting at Microsoft's Redmond campus between CEO Satya Nadella and the Unit 8200 commander Yossi Sariel. Internal documents reviewed by the Guardian show Sariel pitched a plan to move up to 70 percent of the unit's data—including secret and top-secret material—onto Azure. Nadella, who joined for the last ten minutes of the session, encouraged identifying initial workloads and said Microsoft would commit resources to the partnership. Microsoft later stated that Nadella did not know the specific nature of the data, and that there was no discussion of Palestinian surveillance. However, the documents record Nadella saying "building the partnership is so critical" and backing the gradual shift toward the 70-percent target.
A cloud built for "a million calls an hour"
Three intelligence sources told the investigative consortium that the new system ingests and stores roughly a million phone calls every hour from Palestinians in Gaza and the West Bank. Audio files are retained for extended periods, typically a month but longer when needed, creating a vast, searchable archive. Unlike previous surveillance methods that required pre-selected targets, this bulk-collection model allows after-the-fact retrieval of any person's conversations once they become of interest.
The leaked Microsoft files reveal the scale: by July 2025, approximately 11,500 terabytes of Israeli military data sat in Azure's Dutch region, with a smaller portion in Ireland. That volume equates to roughly 200 million hours of audio. It is unclear how much of that total belongs to Unit 8200 versus other IDF branches, but the unit's segregated tenant was the centerpiece of the arrangement.
Unit 8200's leadership turned to commercial cloud because its on-premises infrastructure couldn't handle the data deluge. "The cloud is infinite storage," one source told the investigators. The mantra inside the unit became "a million calls an hour." Beyond storage, officers used Azure's compute power to analyze recordings, cross-referencing communications to identify bombing targets, to blackmail individuals, or to retroactively produce justifications for detentions, the sources said.
The system was already in place when Hamas attacked Israel on October 7, 2023, though it notably did not prevent that failure. In the ensuing Gaza war, its use reportedly escalated, even as the destruction of telecom networks reduced the volume of fresh intercepts. One source noted that enthusiasm for the platform grew among intelligence officers working Gaza because they saw Israel was "heading towards long-term control there."
Microsoft's response and the visibility gap
Microsoft's May 2025 public statement confirms it supplies Israel's Ministry of Defense with Azure, Azure AI services (including translation), and enterprise software. It also acknowledges selling thousands of hours of "extended engineering services" during the war. The company says it commissioned an external review that "found no evidence to date that Microsoft Azure or AI products were used to target or harm people in Gaza." It insists the engagement with Unit 8200 centered on cybersecurity and protecting against nation-state and terrorist attacks.
A fundamental tension runs through Microsoft's defense: the cloud provider's standard architecture deliberately limits its visibility into customer data. Azure's hardened, segregated environments—privacy features that enterprise clients demand—mean Microsoft often cannot see what a tenant stores or processes. Investigators describing daily collaboration between Microsoft engineers and Unit 8200 to build a secure environment for "sensitive workloads" sit awkwardly next to the company's claim of ignorance about the content. One source remarked, "You don't have to be a genius to figure it out. You tell [Microsoft] we don't have any more space on the servers, that it's audio files. It's pretty clear what it is."
That opacity creates an accountability gap. Microsoft's acceptable-use policies and Responsible AI rules forbid harm-causing activities, but enforcement requires knowing what a customer actually does. When a military intelligence unit classifies its programs and encrypts payloads, the provider's line of sight virtually disappears. Human rights groups argue that the company should adopt more stringent due diligence in high-risk contexts—or even suspend services when credible allegations arise.
The AnyVision precedent
This is not Microsoft's first encounter with controversy over Israeli security technology. In 2019, its M12 venture arm invested in AnyVision, an Israeli facial-recognition startup linked by media reports to West Bank checkpoint surveillance. Microsoft commissioned an independent audit by former U.S. Attorney General Eric Holder. The review found no evidence that AnyVision's technology powered a mass surveillance program, but Microsoft nonetheless divested its stake and ended all minority investments in facial-recognition vendors, citing inadequate oversight. The episode showed that the company could act even where an investigation did not find explicit wrongdoing—a precedent that weighs on the current Azure allegations.
Now, however, Microsoft is not a minority investor but the operator of the compute substrate itself. That role raises the stakes: if a cloud provider can plausibly assert ignorance while its infrastructure underpins operations that civil society deems abusive, where does responsibility reside?
Dual-use dilemma: commercial cloud as war infrastructure
The Unit 8200 revelations underscore a uncomfortable trend: modern warfare is increasingly dependent on the same hyperscale platforms that run enterprise software, store corporate data, and host consumer applications. Google and Amazon, which together won the Israeli government's Project Nimbus contract, face similar scrutiny. Microsoft's massive Windows and Azure footprint, though, makes the story feel personal to the millions of organizations and developers who build on its stack.
For CIOs and Windows administrators, the implications are immediate and operational:
- Data residency and cross-border risk. Hosting surveillance audio in EU data centers raises thorny questions under GDPR. Even if the data subjects are non-EU persons, EU establishments of Microsoft might have obligations, potentially drawing involvement from data protection authorities or national security committees. Irish media have already pressed for clarity on Azure Ireland's role.
- Contractual guardrails. Acceptable-use policies mean little without auditability. Where customers classify programs and mask data flows, cloud providers may lack practical enforcement mechanisms. This gap can expose downstream enterprise customers who resell or integrate Azure services into public-sector projects.
- Workforce activism. Repeated protests at Microsoft events—including a disruption of Nadella's keynote at Build 2025—signal internal dissent that could affect product roadmaps and customer engagements. Enterprise clients must anticipate how their own employees might react to the use of shared infrastructure in conflict zones.
- Vendor exposure management. If your organization relies on Azure services that are also woven into controversial government deployments, reputational spillover—and in some markets, procurement restrictions—can materialize quickly.
Practical steps for enterprise IT teams
The controversy offers a wake-up call for any organization that uses or resells Azure. Risk management must now include human-rights considerations alongside traditional security and compliance. Concrete measures include:
- Inventory defense-adjacent workloads. Identify any subscriptions, partners, or end-customers tied to national security clients. Tag services involving surveillance, biometrics, or large-scale communications analytics.
- Tighten acceptable use in your contracts. Mirror Microsoft's prohibited-use terms and add explicit bans on bulk communications surveillance, unlawful targeting, and activities that foreseeably cause harm. Require customer attestations and, where feasible, audit rights.
- Integrate human-rights impact assessments. Before migrating sensitive workloads to Azure, run an HRIA. Document risk factors, mitigations, and escalation procedures alongside your existing security and data-protection assessments.
- Deploy technical guardrails. Use Azure Policy, Monitor, and Defender for Cloud to flag high-risk service usage—Cognitive Services speech-to-text at scale, Azure OpenAI batch inference, or massive blob retention in specific geos. Trigger a security review when thresholds are crossed.
- Codify a "pause and review" mechanism. In contracts with sensitive customers, reserve the right to suspend services upon a credible allegation of human-rights violations. Define the investigation process, third-party participation, and the evidentiary standard required to resume.
- Harden logging and provability. Turn on immutable logging (Azure Storage immutable blobs, Microsoft Purview audit) so you can defend what your infrastructure did—and what it didn't do—if allegations arise.
The broader regulatory horizon
The placement of bulk surveillance data on EU soil will almost certainly attract regulatory attention. Early Irish coverage has already highlighted the Dublin connection, and pressure could mount for formal inquiries into whether EU data protection rules apply to third-country intelligence bodies using Microsoft's local establishments. The legal thicket is dense: the GDPR's national-security exemption, the concept of processor-vs-controller liability, and the extraterritorial reach of EU law all intersect in ways that have not been tested at this scale.
Microsoft's Global Human Rights Statement and its commitment to the UN Guiding Principles on Business and Human Rights demand heightened due diligence in conflict-affected contexts. Yet the company has not publicly described any technical escalation pathway—such as automated service suspensions triggered by risk signals—for government customers. Bridging the credibility gap will likely require new contractual language and novel enforcement mechanisms, not just trust.
Bottom line
The Guardian's investigation paints a vivid picture of a military unit using Azure to store and analyze phone calls by the millions, feeding operations that critics say caused devastating civilian harm. Microsoft's position—that it supplies cloud and AI services with responsible-use terms and has no evidence of direct targeting—is clear but leaves unresolved the structural opacity of cloud platforms. Both narratives can coexist in an era where encryption, compartmentalization, and classified procurement obscure the most consequential details.
For Windows and Azure customers, the actionable takeaway is unambiguous: treat human-rights risk as an engineering requirement. Embed it in contracts, architectures, and monitoring. Operational excellence now demands ethical assurance. The sooner the enterprise IT community embraces that, the fewer headlines we will see about commercial clouds being repurposed as instruments of war.