The Army’s ongoing adoption of Microsoft-based email, teleconferencing and collaboration services for its “Army 365″ platform could leave hundreds of thousands of soldiers, civilians and contractors without official email access, Army Times has confirmed.
The issue stems from the Army opting to purchase individual Microsoft 365 licenses rather than providing them to all of the service’s personnel. The Army has to pay for each individual license, meaning the arrangement could save money, a source familiar with the transition explained.
Right now, the Army’s plan is to grant licenses — and thus new Army.mil email addresses — only to NCOs and officers, according to an interim licensing guidance memo issued by Lt. Gen. John Morrison Jr., the service’s top uniformed IT official.
Army Times obtained a copy of the memo from a source involved in implementing the email transition.
“Commands will have to make some hard choices,” wrote Col. Joseph Gardner, a senior officer responsible for overseeing the platform’s rollout across the force, in a separate email explaining the license distributions last month. Army Times obtained a copy of the email.
Currently the Army has only procured 950,000 licenses, the memo stated. Those are intended to cover the needs of soldiers, civilians and contractors.
It’s not yet clear how many licenses will go to each personnel category — the Army is allowing subordinate commands to oversee the distribution process.
One thing is clear: the Army had 1,008,373 troops as of Sept. 30, and the service has hundreds of thousands of civilians and contractors who will also require email and collaborative platform access.
Army officials did not respond to questions from Army Times before this article’s publication deadline.
The service’s existing Defense Enterprise Email service provides official, secure email access for all Army personnel. But the platform is scheduled to go offline for the Army in March 2022, officials have said.
Junior enlisted troops whose duties necessitate email access will need to have an exception to policy approved by the first colonel in their chain of command, according to the memo.
One source who was present for a briefing on the licenses said that Army officials are weighing possible ways to secure official email addresses for personnel who don’t rate Microsoft 365 licenses. But a stop-gap email measure likely wouldn’t grant those personnel access to the Microsoft collaboration suite — including Microsoft Teams — that has kept the service afloat since the beginning of the pandemic.
Other potential issues
The email transition has presented issues for even those who are slated to have licenses.
Last month, there was a days-long partial outage that kept some users — especially those who have already fully migrated to Army 365 email — from being able to send and receive emails from external domains.
And some security measures in the new application may make it more difficult even for those with email access to complete tasks away from the office, especially for those in the National Guard and Army Reserve.
Currently, users can only download email attachments if they are connected to the Army network, including via a virtual private network if they are at home. Only government computers can access the Army’s networks via VPN, and most units only have a handful of such computers to issue.
With Defense Enterprise Email, servicemembers were able to download attachments regardless of whether they were on a personal or government-issued device.
This means that part-time Guard and Army Reserve soldiers without government computers must travel to an armory in order to do simple tasks, such as signing many PDF documents, because existing Army regulations ban documents with Privacy Act-covered personal data or Controlled Unclassified Information from being sent to non-official email addresses.
Some critics are concerned that unless the service can issue out more computers, the security measures could lead to a massive spillage of CUI. It could also lead to greater demands on Guard and Army Reserve troops outside of drill should they have to incorporate armory visits into their weekly routines.
Maintaining a healthy balance of information security and accessibility has been an ongoing issue for the Army since the COVID-19 pandemic sped up its timeline for adopting Microsoft’s collaborative services.
“It’s an IT security issue vs. an acquisition problem,” explained one source familiar with the service’s information security protocols, who fears the service’s current path “overlooks the impact on the user experience” due to a lack of government devices.
“Restricting potential CUI downloads to information systems rated for that data is an appropriate measure that meets the Army’s security needs,” the source said. “A lack of devices is ultimately an acquisition issue that could be overcome with proper budgeting.”
The access hiccups come amid a series of high-profile IT modernization missteps for the service, including the failed rollout of a new tuition assistance platform. The Army also recently delayed the rollout of its new HR and pay system, the Integrated Personnel and Pay System-Army, for the Regular Army and Army Reserve after issues with data feeds from older systems.
Davis Winkie covers the Army for Military Times. He studied history at Vanderbilt and UNC-Chapel Hill, and served five years in the Army Guard. His investigations earned the Society of Professional Journalists' 2023 Sunshine Award and consecutive Military Reporters and Editors honors, among others. Davis was also a 2022 Livingston Awards finalist.