I'd expect a lot of that would go not towards desktop licensing but Professional Services and the like. Services such as SQL Server, Sharepoint, IIS, Lync, and Active Directory are critical to DoD, and they rely on Microsoft a lot for continued engagement.
Unless things have changed, DoD is Microsoft's biggest customer. It's not that they're stuck. Between the combination of sheer scale (not thousands, millions) security requirements, and desire for a stable ecosystem, there's few, if any, that can match what they provide. This isn't a dig at others products, let alone "open" solutions. They've been serving DoD for decades, and you can count on a Microsoft product to come with solid security documentation (often with NIST 800-53 reference) , FIPS 140-2 compliance, PKI support (absolute must in the DoD Common Access Card environment), and(relatively) solid vulnerability management. DoD requires ALL of those things.
I wouldn't argue that they don't have room to improve. But that doesn't discount what Microsoft has accomplished.
Unless things have changed, DoD is Microsoft's biggest customer. It's not that they're stuck. Between the combination of sheer scale (not thousands, millions) security requirements, and desire for a stable ecosystem, there's few, if any, that can match what they provide. This isn't a dig at others products, let alone "open" solutions. They've been serving DoD for decades, and you can count on a Microsoft product to come with solid security documentation (often with NIST 800-53 reference) , FIPS 140-2 compliance, PKI support (absolute must in the DoD Common Access Card environment), and(relatively) solid vulnerability management. DoD requires ALL of those things.
I wouldn't argue that they don't have room to improve. But that doesn't discount what Microsoft has accomplished.