Microsoft plans to block employees in China from using Android-powered devices to access its corporate network, according to a Bloomberg report. The company sent an internal memo to its Chinese staff outlining the new policy, which will take effect in September. Under this policy, employees will be required to use Apple’s iPhones to authenticate their identities when logging into work machines.
This directive is part of Microsoft’s new Secure Future Initiative, which was launched in response to multiple cybersecurity breaches and a critical US government report on the company’s security practices. The mobile device mandate will affect hundreds of employees across mainland China and will necessitate the use of the Microsoft Authenticator password manager and Identity Pass app.
Unlike Apple’s iOS store, Google Play is not available in China, forcing local smartphone manufacturers like Huawei and Xiaomi to operate their own platforms. As a result, Microsoft decided to restrict access from these devices to its corporate resources due to the absence of Google’s mobile services in China.
Employees using Android devices, including those made by Huawei or Xiaomi, will be provided with an iPhone 15 as a one-time purchase, according to the memo. Microsoft plans to distribute iPhones at various hubs throughout China, including Hong Kong, where Google’s services are available.
The Secure Future Initiative aims to enhance Microsoft’s cybersecurity by releasing faster cloud patches, better management of identity signing keys, and setting higher default security standards for software. The initiative also adopts recommendations from the Cyber Safety Review Board (CSRB) report, including implementing technical controls to reduce unauthorized access and securing the corporate infrastructure.
Key measures include adopting state-of-the-art standards for identity and secrets management, such as hardware-protected key rotations and phishing-resistant multi-factor authentication for all user accounts. Additionally, Microsoft will strengthen the protection of its network and tenant environments by removing all lateral movement pivots between tenants, environments, and clouds, and ensuring only secure, managed, and healthy devices are granted access to Microsoft tenants.
The strategy also emphasizes protecting Microsoft’s production networks and systems by improving isolation, monitoring, inventory, and secure operations.
