The mandate, set to come into effect in September 2024, was announced in an internal memo seen by Bloomberg News. It will require Microsoft's China-based workers to...
Microsoft has told all its employees in China that they will soon only be allowed to use iPhones for work purposes. The ban on Android devices is part of a security-related Microsoft initiative for providing a unified way of managing and verifying employee identities.
The mandate, set to come into effect in September 2024, was announced in an internal memo seen by Bloomberg News. It will require Microsoft's China-based workers to verify their identities when logging in to work computers or phones. The change is part of Microsoft's global Secure Future Initiative that is intended, among other things, to ensure that all staff use the Microsoft Authenticator password manager and Identity Pass app.
While Apple's iOS store is available in China, Google Play isn't. Local smartphone giants such as Huawei and Xiaomi operate their own platforms in the country, but Microsoft has chosen to block access from those companies' devices to its corporate resources because they lack Google's mobile services, reads the memo.
Any staff in the country using Android handsets, including those from Huawei or Xiaomi, will be provided with an iPhone 15, as a one-time purchase. The Redmond giant is designating collection points across China where employees can pick up their iPhones.
Microsoft is also introducing the iPhones-only rule in Hong Kong, despite the Google Play Store being available in the special administrative region of China.
Man, I'd hate to see an IT department you were in charge of.
I may be completely off the mark, but I'm pretty sure that Intune device management doesn't allow you to push arbitrary APKs out to managed Android devices. There would still also be the issue of getting the device managed to start with.
Microsoft isn't about to roll out their own version of the Play Store just to serve APKs to their Chinese employees.
They also are not going to try and manage rolling out updates to whatever cluster mess of different android devices those employees use, tracking update compliance, etc
Any other solution to this involves considerable extra work for their internal IT team(s). Easier to just force everyone needing access to corporate devices to use a single standard (and buy company phones for the few who raise a stink).
It's not just Google play that's blocked, the entirety of the Google Services Framework is blocked in China, including the security framework that is part of it.
MS would have to build their own bespoke Android security framework in addition. Which is a whole hell of a lot more than just "sending the APK over the air"
Yes, device management systems can push apps directly to devices, but the devices have to be managed first. So I think it probably is about the lack of Google Play.
One of the hardest parts of managing devices is getting them enrolled in device management in the first place. Microsoft uses the Microsoft Authenticator app to authenticate users as part of the enrollment process, so they know which employee is using the device and how to configure it. They need a reliable app store to distribute that app, and they need to do it before the device is managed. So usually they rely on Google Play.
Sounds like Google's enterprise features have a dependency on Google Play (and presumably GSF) and Android phones in China can't be turned into work phones as a result. Makes a lot of sense.
Any staff in the country using Android handsets, including those from Huawei or Xiaomi, will be provided with an iPhone 15, as a one-time purchase
Fuck off. If you're mandating what device I'm to use for work; you're going to provide said device free of charge, or shut the fuck up when I use whatever I like.
That’s my read of it, or am I misunderstanding something?
Microsoft will purchase for their Android using employees an iPhone 15. The reference to one-time being that employees are only entitled to one, in the event they were to lose or damage it?
It's a Google updates issue since they're blocked. Apple isn't but they comply with the Chinese government just as much as they do in the US as does Google. Remember Google is banned because it would not comply with China. How quickly the Americans forget.
Most likely the corporate spyware that Microsoft enables, requires very recent Google services and Apple services to operate. It's pretty standard in the corporate spyware world. Usually just a few months out of date at most.
It's just a writer seeking to vary their language a bit. It's a trick to keep themselves from repeating "Microsoft" quite so many times in a short span, as too much word repetition can cause readers to "tune out".
Same person monotonously being referred to as "young woman" (not that it has anything to do in the context, just to replace "she" or "<name>"), "<hobby>", "<profession>", "<place where they live>", some other crap instead of refactoring and compressing the text a bit.
Oh I could help them out with a few synonyms: The asshats with the Internet Explorer, the start menu advertising clowns, the BSOD guys, the USE ONLY MY WEBBROWSER bullies, ...
I know you're joking, but having a seperate phone exclusively for work stuff is actually great, specifically because it makes it easier to entirely seperate yourself from work. At my old job, I was given a work phone and it was the only phone number I used for all my work stuff. When I was at work, I would answer it, and outside of that it was off or on silent in my work bag. If they wanted me to answer outside of work hours, they had to pay me on-call rates. The same thing applied to group chats and other work-related stuff like that, (e.g. emails). It all went to that phone, and unless I was being paid to be contactable outside of work hours, I wouldn't be.
The only exception to that was my manager and a select few people who had my personal number for genuine emergencies, and if they used my personal number to contact me asking me about work, it was entirely at my discretion to respond and would mean I'd get on-call pay.
It also meant I could keep my work and personal accounts/apps/etc. completely seperate. If they asked me to download some random app, I could do it on the work phone without worrying about whether they would be able to access other data on my phone or anything like that. Whenever I needed a phone number for 2FA or whatever, I could use the work number and not worry about where exactly that number would end up or how it might be used. For example, I used my work number to register for a conference, and then for months afterwards I would get calls and texts from sales people. That was still slightly annoying, but it was much better than getting calls on my personal phone.
It also meant that when I left that job, I could just wipe that phone without having to worry about having personal data on there, because I never used it for anything except work stuff.
It does sound like Microsoft is asking their employees to pay for an iPhone which is a bit dodgy in my opinion, but I'd still probably take the opportunity to use it completely for work and keep my personal phone seperate. It's easy enough to get another number, and then when you leave that job you can cancel it and get a new number for the next job, cutting that link entirely.
The Microsoft phone was decent, but, yea, their app store was lacking. Shoutout to the Zune, which was pretty good software & hardware from what I can remember.
Android is being used by Microsoft now since Windows Phone didn't really do very well. Their Surface Duo device runs Android. Windows 11 has a "Windows Subsystem for Android" feature... that uses the Amazon Appstore (and is actually getting phased out - the WSA thing, not the Amazon Appstore).
And yeah, I have no idea why the Google Play Store isn't available there, seems like a pretty weird decision. Can you tell I hate geoblocking?
I don't like apple but due to the heavy nuance of this situation I approve of this action. It would have been better for them to develop and distribute their own methods of secure authentication but I realize a for profit company would never agree to that.
Play services actually works very well for containerizing work apps. Better actually than on iOS. My work can offer a set of apps that are available in this isolated container and apply policy to them that doesn't impact other areas of the phone. I can also shut off all of them with a single button when I am on PTO. Microsoft's apps require these services to build the container, and I believe Android phones in China do not have play services. It's not perfect, but I personally think it works very well.
Oh sure, its not bad. It's just that's exactly the issue. The hybrid configuration of work apps and personal apps in my experience was mentally draining to explain time after time to people and configure in intune and knox. People frequently used it incorrectly. With iOS it was much more subtle and friendly experience I rarely had any issues with the apple users. Perhaps we were using it wrong, but it was a miserable experience for everyone involved.
We tried the work only configuration that was much more pleasant to maintain but we were threatened with a strike if we didn't let people install their own apps.
Edit: This was back in the galaxy s7 days so maybe it's better now.
Maybe read the text? It has nothing to do with prefering iOS. It's just google refused to comply with China's spyware requests some time ago (a broken clock and all that), so it's literally impossible to use android for this in China. Apple on the other hand is happy to suck China's dick hahahaha, so it's the only option. Man, you Apple fans are really brainwashed, this is a bad look for Apple hahahah.
Yeah, I'm not a apple fan. I'm just trying to find the silver lining in a crappy situation. "It's less work managing one environment at least" was the thought.
Personally I strongly prefer Android and I'm happy to see the EU cracking down on Apple.
better, lmao. They're switching to apple because they want their staff to be obedient little guinea pigs that that won't tinker with their phones but are tracked and monitored just the same like all Apple users.
So better for surveillance, of course they are. That's why they're still allowed to operate and bend over to every request by authoritarian nations. But you do you.