Starting September, the tech giant will restrict corporate access from Android-powered devices in China, affecting hundreds of workers across the mainland.This decision is part of Microsoft’s global Secure Future Initiative (SFI), aimed at standardising employee cybersecurity practices.
Only iPhones, no Android phones at work
The memo, as reported by Bloomberg, states that Chinese-based employees will soon be required to use only Apple devices for identity verification when logging into work computers or phones. This mandate highlights the growing divergence between Chinese and foreign mobile ecosystems, particularly in the fragmented landscape of Android app stores in China.
Unlike Apple’s iOS store, Google Play is not available in China, leading local smartphone makers like Huawei and Xiaomi to operate their own platforms. Microsoft’s decision to block access from these devices stems from their lack of Google’s mobile services in the country, according to the internal message.
To make this transition easier, Microsoft will provide iPhone 15 devices as a one-time purchase to staff currently using Android handsets. The company plans to make these iPhones available for collection at various hubs across China, including Hong Kong, where Google’s services are accessible.
Recent security incidents are behind this change
This move comes in the wake of increasing security concerns for Microsoft. Bloomberg reports that the company has faced repeated attacks from state-sponsored hackers, including a Russia-linked breach disclosed in January that affected dozens of US government agencies.
In response to these challenges, Microsoft has pledged its most ambitious security overhaul in two decades through the SFI. Executive Vice President Charlie Bell emphasised in May that security has become the company’s top priority, surpassing all other features.
While Microsoft has not publicly addressed this specific policy change in China, it aligns with the company’s broader efforts to enhance cybersecurity globally. These efforts include faster addressing of cloud vulnerabilities, strengthening credential protection, and enforcing multi factor authentication for employees.