To log into company systems, Microsoft employees in China will now have to use authentication apps installed exclusively on iPhone devices.
This is part of Microsoft's Secure Future Initiative announced late last year, 9to5Mac reports. The change is reportedly set to come into effect in September this year and is said to affect “hundreds” of people.
Microsoft employees can currently log into their work IT infrastructure using two Microsoft-developed multi-factor authentication (MFA) apps. Starting in September, the company will require employees to run those apps only on an iPhone, suggesting that Chinese-made devices running Android (or other operating systems) could pose a security risk.
The risk also appears to be linked to the fact that Android devices allow third-party app stores (something Apple was forced to concede in the EU recently as well).
Employees who do not yet own a suitable device will be given an iPhone 15. Ironically, they will still be able to do their work on a Windows computer.
The Secure Future Initiative is Microsoft's response to recent hacking issues that have drawn attention and condemnation not only from the cybersecurity community, but also from the US government.
Last summer, the U.S. State Department notified Microsoft that threat actors had accessed more than two dozen email accounts belonging to different Western organizations, including government companies. Microsoft later attributed that attack to Storm-0558, a known Chinese-sponsored espionage and data theft actor.
The attack was carried out using forged authentication tokens that allowed threat actors to access emails using a purchased Microsoft account consumer signing key, the company confirmed.
In March this year, the US Cybersecurity Review Board (CSRB) published a report on the incident, criticising Microsoft for making a number of “avoidable mistakes”, including failing to detect several vulnerabilities.
This prompted the company to react, with CEO Satya Nadella later saying during a press conference: “We are redoubling our efforts on this critically important work, putting security above all else, before all other features and investments.” This new approach resulted in the creation of the Secure Future Initiative, Microsoft’s attempt to regain public trust and improve its image.