To log into corporate systems, Microsoft employees in China will now have to use authenticator apps installed exclusively on iPhone devices.
This is part of Microsoft’s Secure Future Initiative announced late last year, 9to5Mac reports. The change will apparently go into effect in September this year and will affect “hundreds” of people.
Currently, Microsoft employees can log into their work IT infrastructure using two Microsoft-built multi-factor authentication (MFA) apps. Starting in September, the company will require employees to run those apps only on iPhones, suggesting that Chinese-built devices running Android (or other operating systems) could pose a security risk.
Targeted at SOHO equipment
The risk also seems to lie in the fact that Android devices host third-party app stores (something Apple recently had to allow in the EU as well).
Employees who do not yet have a suitable device will receive an iPhone 15. Ironically, they can also do their work on a Windows computer.
The Secure Future Initiative is Microsoft’s response to recent hacking issues that have caught the attention of not only the cybersecurity community, but also the US government.
This past summer, the U.S. State Department notified Microsoft that threat actors had access to more than two dozen email accounts belonging to various organizations in the West, including government companies. Microsoft later attributed the attack to Storm-0558, a known Chinese-sponsored espionage and data theft threat actor.
The attack was carried out using forged authentication tokens that allowed attackers to access emails using a obtained Microsoft account signing key, the company confirmed.
In March of this year, the US Cyber Safety Review Board (CSRB) published a report on the incident, criticizing Microsoft for making a series of “avoidable mistakes,” including failing to detect several breaches.
This prompted the company to respond, with CEO Satya Nadella later saying during an earnings call, “We are redoubling our commitment to this very important work, putting security above all else — ahead of all other features and investments.” This new focus resulted in the creation of the Secure Future Initiative, Microsoft’s attempt to regain public trust and improve its image in the public eye.