Microsoft is everywhere. Whether it’s your kid’s school using Teams for homework, your local government running on Microsoft 365, or your favorite small business relying on Azure for its cloud needs, the tech giant has become a staple of modern life. But in North Dakota, Microsoft’s dominance has turned into a liability, exposing critical vulnerabilities in the state’s infrastructure.
At the center of this story is Doug Burgum, North Dakota’s former governor and a tech-savvy leader with deep ties to Microsoft. As Burgum faces confirmation hearings for Secretary of the Interior, his role in shaping the state’s reliance on Microsoft—and the security failures that followed—has come under scrutiny.
Doug Burgum’s connection to Microsoft dates back to 2001, when he sold Great Plains Software to the tech giant for $1.1 billion. As governor of North Dakota, he leaned heavily on his tech background to modernize the state’s IT infrastructure, often partnering with Microsoft.
While this strategy initially seemed like a win, it also made North Dakota heavily reliant on a single vendor. Over time, that reliance exposed critical vulnerabilities, leading to a series of cybersecurity incidents that have put Burgum’s legacy in the spotlight.
The Security Crises Under Burgum’s Watch
Ransomware Attacks on Local Governments
In 2023, multiple local government offices in North Dakota were paralyzed by ransomware attacks. These incidents locked critical systems and demanded hefty payments for data restoration. While Microsoft wasn’t directly responsible, attackers exploited vulnerabilities in the company’s software—vulnerabilities critics argue should have been addressed earlier.
As governor, Burgum championed the use of Microsoft platforms to streamline government operations, but critics say his administration failed to account for the cybersecurity risks. “Burgum’s reliance on Microsoft may have modernized systems, but it also made us a bigger target,” said a former state IT official.
Phishing Scams and Microsoft 365
North Dakota’s businesses and local governments using Microsoft 365 became prime targets for phishing scams, with hackers bypassing email security to steal sensitive data. Burgum’s administration touted Microsoft 365 as a cost-effective and efficient solution, but these attacks raised questions about whether the risks were properly assessed before widespread adoption.
Cloud Security Failures with Azure
The risks extended to healthcare. Under Burgum’s leadership, a state healthcare provider faced a significant data breach due to a misconfigured Azure storage bucket, exposing patient information. This incident highlighted the dual responsibility of users and providers in securing cloud services—but also pointed to Microsoft’s shortcomings in guiding users toward secure configurations.
PowerSchool Breach: Fargo Public Schools
One of the most alarming incidents occurred in June 2023, when PowerSchool, a platform widely used by North Dakota’s K-12 schools, suffered a major data breach. Sensitive information—including student names, addresses, Social Security numbers, and medical details—was exposed.
As governor, Burgum championed digital tools like PowerSchool to enhance efficiency in education, but critics argue his administration’s oversight of these third-party integrations was inadequate. Many schools relied on PowerSchool alongside Microsoft 365, raising concerns about cascading vulnerabilities. The incident has become a flashpoint in the ongoing debate about Burgum’s tech-driven policies.
Microsoft’s Commitment to DEI
Adding fuel to the fire, critics argue that Microsoft’s priorities may be misplaced. Amid these security crises, Microsoft has emphasized its Diversity, Equity, and Inclusion (DEI) initiatives—a focus some say detracts from its core responsibilities.
This controversy escalated when an Activision Blizzard artist Kyle Jacob Hickey, part of a Microsoft-owned subsidiary, posted inflammatory remarks such as “Kill your local MAGA” on social media just two days ago. While Activision Blizzard declined to comment, in a statement Microsoft reaffirmed its commitment to DEI values, sparking outrage among those who feel the company is neglecting its contractual obligations.
Burgum’s ties to Microsoft have complicated the optics of this situation. Critics suggest that his long-standing relationship with the company may have influenced his administration’s decisions, potentially prioritizing partnerships over holding Microsoft accountable.
As Burgum prepares for his confirmation hearings for Secretary of the Interior, his record on cybersecurity in North Dakota is becoming a focal point. During his tenure, the state faced multiple high-profile data breaches, phishing attacks, and ransomware incidents—all of which have raised questions about his ability to manage complex systems.
Burgum’s close relationship with Microsoft has also sparked concerns about his judgment. “When you’re that tied to a company, it’s easy to overlook its flaws,” said one cybersecurity expert. “Burgum’s tech credentials should have made him more proactive, not complacent.”
While Burgum bears responsibility for North Dakota’s cybersecurity strategy, Microsoft’s role in these crises cannot be ignored. The company’s platforms have been a breeding ground for vulnerabilities, and its response to security challenges has often been reactive rather than proactive.
Critics argue that Microsoft’s focus on initiatives like DEI, may be diverting resources away from critical security improvements. The question remains: Is Microsoft doing enough to protect the users who rely so heavily on its tools?
As North Dakota continues to grapple with the fallout from these cybersecurity incidents, the stakes are high for all involved. For Doug Burgum, these failures could jeopardize his confirmation as Secretary of the Interior. For Microsoft, they represent a growing liability—not just in North Dakota, but nationwide.
If North Dakota’s experience teaches us anything, it’s the importance of diversifying technology ecosystems and holding vendors accountable. Whether Burgum’s legacy will be remembered as a cautionary tale or a stepping stone to national leadership remains to be seen.