Despite doubts, federal cyber experts approved Microsoft cloud service

Original Article ↗ Hacker News Discussion ↗

Scope of the “pile of shit” comment

  • Several commenters note the quote in the article originally referred to Microsoft’s security documentation package for FedRAMP, not necessarily the technical quality of the cloud itself.
  • Others argue that documentation quality is itself a strong signal of overall system quality; if Microsoft can’t clearly explain data flows and security models, the underlying system is likely weak too.

FedRAMP process, compliance, and government procurement

  • Many describe FedRAMP as slow, paperwork-heavy, and disproportionately expensive for small companies; estimates include $2–3M and years of effort to get an authorization.
  • Some claim this effectively forces startups to deploy via a small number of existing FedRAMP platforms, creating a de facto “tax” and regulatory moat; others with first-hand experience explicitly dispute this framing.
  • Reviewers allowed GCC High to be used during evaluation; by the time the review dragged on, the service was widely deployed, creating enormous inertia against rejection.
  • There is concern about conflicts of interest and revolving-door hiring between agencies and Microsoft, and about third-party assessors being paid by the vendors they assess.
  • Multiple comments distinguish compliance from real security: checklists dominate, while meaningful risk analysis suffers.

Microsoft Azure & ecosystem quality

  • Numerous practitioners describe Azure (and surrounding tools like Entra ID, Teams, Minecraft/Xbox auth) as overly complex, unreliable, poorly integrated, and inconsistently documented.
  • Common themes: too many overlapping ways to do the same thing, weak or auto-generated docs, brittle SSO flows, confusing billing, and products launched half-baked then supported indefinitely.
  • Some insiders report similar chaos internally: many parallel systems, poor coordination, and cloud tooling that makes engineers “hate” working in the cloud.
  • A minority push back, saying Azure’s feature set and identity stack are strong, documentation is generally good, and that all major clouds have serious flaws.

Vendor lock-in and market dynamics

  • Commenters stress Microsoft’s strength in sales, existing enterprise relationships, and “foot in the door” tactics; once AD/Exchange/Teams/Azure are entrenched, exit costs are huge.
  • There is debate over whether government or “the market” is better at making such choices, but broad agreement that procurement inertia and vendor lock-in heavily shape outcomes.

Broader industry frustration

  • Several developers express exhaustion with cloud/platform complexity, compliance burdens, and incentives that reward bloat and lock-in over craftsmanship and clarity.