Microsoft tells staff in China they can't use Android phones anymore, must switch to iPhone
For logging into company systems, that is.
To log into company systems, Microsoft employees in China will now have to use authentication apps installed exclusively on iPhone devices.
This is part of Microsoft’s Secure Future Initiative announced late last year, 9to5Mac reports. The change apparently takes effect in September this year, and was said to affect “hundreds” of people.
At the moment, Microsoft employees can log into their work IT infrastructure using two Microsoft-built multi-factor authentication (MFA) apps. From September onwards, the company will require employees to only run those apps on an iPhone, suggesting that Chinese-built devices running Android (or other operating systems) could be a security risk.
Targeting SOHO gear
The risk also seems to be tied to the fact that Android devices allow for third-party app stores (something Apple was forced to grant in the EU, recently, as well).
Employees who don’t already own a suitable device will be given an iPhone 15. Ironically enough, they can still do their work on a Windows computer.
The Secure Future Initiative is Microsoft’s answer to recent hacking woes that drew attention, and condemnation, of not just the cybersecurity community, but the US government, as well.
Last summer, the US State Department notified Microsoft of threat actors accessing more than two dozen email accounts belonging to different organizations in the West, including government firms. Microsoft later attributed that attack to Storm-0558, a known Chinese-sponsored espionage and data theft threat actor.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The attack was conducted using forged authentication tokens which allowed threat actors to access emails using an acquired Microsoft account consumer signing key, the company confirmed.
In March this year, the US Cyber Safety Review Board (CSRB) published a report on the incident, criticizing Microsoft for making a series of “avoidable errors”, including failing to detect several compromises.
This prompted the company to react, with its CEO, Satya Nadella, later saying during an earnings call: “We are doubling down on this very important work, putting security above all else – before all other features and investments.” This new focus resulted in the creation of the Secure Future Initiative, Microsoft’s attempt at regaining the public’s trust and improving its image in the public eye.
More from TechRadar Pro
- The US State Department told Microsoft that emails in its cloud were hacked last month
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.