To log into company systems, Microsoft employees in China will now have to use authentication apps installed exclusively on iPhone devices.
This is part of Microsoft’s Secure Future Initiative announced late last year, 9to5Mac reports. The change apparently takes effect in September this year, and was said to affect “hundreds” of people.
At the moment, Microsoft employees can log into their work IT infrastructure using two Microsoft-built multi-factor authentication (MFA) apps. From September onwards, the company will require employees to only run those apps on an iPhone, suggesting that Chinese-built devices running Android (or other operating systems) could be a security risk.
Targeting SOHO gear
The risk also seems to be tied to the fact that Android devices allow for third-party app stores (something Apple was forced to grant in the EU, recently, as well).
Employees who don’t already own a suitable device will be given an iPhone 15. Ironically enough, they can still do their work on a Windows computer.
The Secure Future Initiative is Microsoft’s answer to recent hacking woes that drew attention, and condemnation, of not just the cybersecurity community, but the US government, as well.
Last summer, the US State Department notified Microsoft of threat actors accessing more than two dozen email accounts belonging to different organizations in the West, including government firms. Microsoft later attributed that attack to Storm-0558, a known Chinese-sponsored espionage and data theft threat actor.
The attack was conducted using forged authentication tokens which allowed threat actors to access emails using an acquired Microsoft account consumer signing key, the company confirmed.
In March this year, the US Cyber Safety Review Board (CSRB) published a report on the incident, criticizing Microsoft for making a series of “avoidable errors”, including failing to detect several compromises.
This prompted the company to react, with its CEO, Satya Nadella, later saying during an earnings call: “We are doubling down on this very important work, putting security above all else – before all other features and investments.” This new focus resulted in the creation of the Secure Future Initiative, Microsoft’s attempt at regaining the public’s trust and improving its image in the public eye.
+ There are no comments
Add yours