Microsoft has told all its employees in China that they will soon only be allowed to use iPhones for work purposes. The ban on Android devices is part of a security-related Microsoft initiative for providing a unified way of managing and verifying employee identities.
The mandate, set to come into effect in September 2024, was announced in an internal memo seen by Bloomberg News. It will require Microsoft’s China-based workers to verify their identities when logging in to work computers or phones. The change is part of Microsoft’s global Secure Future Initiative that is intended, among other things, to ensure that all staff use the Microsoft Authenticator password manager and Identity Pass app.
While Apple’s iOS store is available in China, Google Play isn’t. Local smartphone giants such as Huawei and Xiaomi operate their own platforms in the country, but Microsoft has chosen to block access from those companies’ devices to its corporate resources because they lack Google’s mobile services, reads the memo.
Any staff in the country using Android handsets, including those from Huawei or Xiaomi, will be provided with an iPhone 15, as a one-time purchase. The Redmond giant is designating collection points across China where employees can pick up their iPhones.
Microsoft is also introducing the iPhones-only rule in Hong Kong, despite the Google Play Store being available in the special administrative region of China.
This is less of a “iPhones are more secure” thing and more “Google play is banned in China” thing.
Apple willingly extinguishes freedom of speech to protect app store profits:
https://www.theverge.com/2023/10/3/23901205/apple-app-store-government-license-china
https://edition.cnn.com/2024/04/19/tech/china-apple-whatspp-threads-removal-hnk-intl/index.html
It’s not like Microsoft can’t send APKs over-the-air. Whatever the reason, it’s not because of Google Play.
Man, I’d hate to see an IT department you were in charge of.
I may be completely off the mark, but I’m pretty sure that Intune device management doesn’t allow you to push arbitrary APKs out to managed Android devices. There would still also be the issue of getting the device managed to start with.
Microsoft isn’t about to roll out their own version of the Play Store just to serve APKs to their Chinese employees.
They also are not going to try and manage rolling out updates to whatever cluster mess of different android devices those employees use, tracking update compliance, etc
Any other solution to this involves considerable extra work for their internal IT team(s). Easier to just force everyone needing access to corporate devices to use a single standard (and buy company phones for the few who raise a stink).
I think that intune has the same control over Android as it does iOS. One a device is enrolled, it can be wiped and sandboxed apps can be approved or denied. I’m not sure about pushing apps to phones, I think the end user had to download it still. Regardless, is not about Microsoft and it’s control, it’s about China and their control, and Apple gets on their knees and opens wide.
Intune and all other Mobile Device Management services depend on working with the provided APIs from the underlying OS.
For Android, this is the Android Management API and is part of the Google Services Framework, which is what’s blocked in China. No GSF no management API either. MS could build their own, but that’s a lot of time and money for “just” their China based employees
It’s not just Google play that’s blocked, the entirety of the Google Services Framework is blocked in China, including the security framework that is part of it.
MS would have to build their own bespoke Android security framework in addition. Which is a whole hell of a lot more than just “sending the APK over the air”
Yes, device management systems can push apps directly to devices, but the devices have to be managed first. So I think it probably is about the lack of Google Play.
One of the hardest parts of managing devices is getting them enrolled in device management in the first place. Microsoft uses the Microsoft Authenticator app to authenticate users as part of the enrollment process, so they know which employee is using the device and how to configure it. They need a reliable app store to distribute that app, and they need to do it before the device is managed. So usually they rely on Google Play.
Sounds like Google’s enterprise features have a dependency on Google Play (and presumably GSF) and Android phones in China can’t be turned into work phones as a result. Makes a lot of sense.
Any staff in the country using Android handsets, including those from Huawei or Xiaomi, will be provided with an iPhone 15, as a one-time purchase
Fuck off. If you’re mandating what device I’m to use for work; you’re going to provide said device free of charge, or shut the fuck up when I use whatever I like.
That’s my read of it, or am I misunderstanding something?
Microsoft will purchase for their Android using employees an iPhone 15. The reference to one-time being that employees are only entitled to one, in the event they were to lose or damage it?
I could be wrong; but it came across to me as a “we’ll sell you one at a special discount”
Fair enough; it’s a bit vaguely worded and could be interpreted multiple ways.
From my experience, big corporations have always either provided me with company-issued phones for official use, or offered an additional allowance if I’ve opted to use my own personal device.
Then again, given how absolutely absurd some of Microsoft’s recent decisions have been (eg. Recall) - you can’t really be certain.
Considering they are designating “collection points” for the phones, I think you read it correctly.
One-time purchase is probably to incentivize not losing/selling your company phone.
In China you don’t get to have that opinion.
That’s not how it works in “communist” China.
Workers don’t have too many rights.
Workers don’t have too many rights.
Maybe not stellar but still better than quite a few of the 135 countries surveyed by this NGO in 2022. Behind Brazil, Russia and South Africa but ahead of India. Better than the so-called “land of the free” also, so maybe the joke’s on them?
That’s a lot of whataboutism you’re doing there.
sorry if the data I brought disturbed your China bashing, you’re free to ignore it
Oh poor China! How dare I bash such a paradise (non-Han Chinese excepted)!
👀
It’s a Google updates issue since they’re blocked. Apple isn’t but they comply with the Chinese government just as much as they do in the US as does Google. Remember Google is banned because it would not comply with China. How quickly the Americans forget.
Most likely the corporate spyware that Microsoft enables, requires very recent Google services and Apple services to operate. It’s pretty standard in the corporate spyware world. Usually just a few months out of date at most.
The Redmond giant
One of my least favorite things in journalism. Idk if it is SEO or what but it’s so bizarre.
It’s just a writer seeking to vary their language a bit. It’s a trick to keep themselves from repeating “Microsoft” quite so many times in a short span, as too much word repetition can cause readers to “tune out”.
That’s fair enough, but “the X giant” in particular I see so often. It feels like an in-joke amongst journalists or something.
It sucks so bad when people do this in Russian.
Same person monotonously being referred to as “young woman” (not that it has anything to do in the context, just to replace “she” or “<name>”), “<hobby>”, “<profession>”, “<place where they live>”, some other crap instead of refactoring and compressing the text a bit.
It works when there’s relevant information.
Oh I could help them out with a few synonyms: The asshats with the Internet Explorer, the start menu advertising clowns, the BSOD guys, the USE ONLY MY WEBBROWSER bullies, …
Nice, no phone means no constant nagging. Thanks MS, always looking out for me.
I know you’re joking, but having a seperate phone exclusively for work stuff is actually great, specifically because it makes it easier to entirely seperate yourself from work. At my old job, I was given a work phone and it was the only phone number I used for all my work stuff. When I was at work, I would answer it, and outside of that it was off or on silent in my work bag. If they wanted me to answer outside of work hours, they had to pay me on-call rates. The same thing applied to group chats and other work-related stuff like that, (e.g. emails). It all went to that phone, and unless I was being paid to be contactable outside of work hours, I wouldn’t be.
The only exception to that was my manager and a select few people who had my personal number for genuine emergencies, and if they used my personal number to contact me asking me about work, it was entirely at my discretion to respond and would mean I’d get on-call pay.
It also meant I could keep my work and personal accounts/apps/etc. completely seperate. If they asked me to download some random app, I could do it on the work phone without worrying about whether they would be able to access other data on my phone or anything like that. Whenever I needed a phone number for 2FA or whatever, I could use the work number and not worry about where exactly that number would end up or how it might be used. For example, I used my work number to register for a conference, and then for months afterwards I would get calls and texts from sales people. That was still slightly annoying, but it was much better than getting calls on my personal phone.
It also meant that when I left that job, I could just wipe that phone without having to worry about having personal data on there, because I never used it for anything except work stuff.
It does sound like Microsoft is asking their employees to pay for an iPhone which is a bit dodgy in my opinion, but I’d still probably take the opportunity to use it completely for work and keep my personal phone seperate. It’s easy enough to get another number, and then when you leave that job you can cancel it and get a new number for the next job, cutting that link entirely.
Free iPhone. Not bad
It says they’ll be provided one as a “one time purchase” so I’m thinking it’s not free and they have one chance to buy it
That’s corporate for “we will deduct it from your paycheck”.
China, so definitely not the same worker protections; but where I’m at, that kind of deduction isn’t legal.
I’m a senior manager for a company in China, and that isn’t legal here either. Pretty sure they’ll provide it for free. Even when we are talking about somewhat decently paid employees, that phone easily costs a whole month’s salary, potentially more.
Being required such an insane purchase is completely inappropriate… I wonder how old they’re allowed to be, this could only be affordable as old and secondhand.
I read it as Microsoft will provide it by purchasing it once.
Ops
Almost Makes working at nearly slave labor with minimal regards for human rights worth it!
Maybe just release AND support some decent phones if your own, Macroshit.
Macroshit
It’s not necessary to change the name to make fun of them. We’ve been giggling at the name “Micro Soft” alone for 30 years.
Have you seen Windows 11? I have no faith Microsoft could produce a decent phone OS that would serve users well.
The Microsoft phone was decent, but, yea, their app store was lacking. Shoutout to the Zune, which was pretty good software & hardware from what I can remember.
I really liked the Microsoft phones 12 years ago.
I will forever maintain that on a purely hardware level that the Zune was better than the iPod. iTunes and later the App Store for iPod Touch is what made iPod won. Zune had no apps.
Dude I went to high school with loved the zune so much he got it’s logo or something tattooed on him. Of course he also liked to tase his own balls, so his tastes were questionable.
Phone or not, I don’t think Microsoft has the ability to listen to their users anymore at all
The opposite of microsoft is Megahard
microsoft is small and can’t get hard
But iPhones are made by your own fucking competition, Microsoft.
And Android phones are also made by Microsoft’s competitor in many fields.
To me the bigger wtf is why Apple has an App store there, but Android do not.
Android is being used by Microsoft now since Windows Phone didn’t really do very well. Their Surface Duo device runs Android. Windows 11 has a “Windows Subsystem for Android” feature… that uses the Amazon Appstore (and is actually getting phased out - the WSA thing, not the Amazon Appstore).
And yeah, I have no idea why the Google Play Store isn’t available there, seems like a pretty weird decision. Can you tell I hate geoblocking?
Google can’t operate Play Store in China because it closed its Chinese offices in response to China attempting to hack them (and several other corporations) back in 2010 (Operation Aurora).
Apple didn’t fall victim to this?
Probably already hacked/complicit.
(edit: see other comment with articles about it)
Oh right.
deleted by creator
Trying to see if I can reply to a deleted comment, feel free to downvote since what I’m saying is completely irrelevant.
I don’t like apple but due to the heavy nuance of this situation I approve of this action. It would have been better for them to develop and distribute their own methods of secure authentication but I realize a for profit company would never agree to that.
The enterprise features are nicer on iOS and less confusing for clients and administrators. So I can understand the appeal of eliminating android.
Play services actually works very well for containerizing work apps. Better actually than on iOS. My work can offer a set of apps that are available in this isolated container and apply policy to them that doesn’t impact other areas of the phone. I can also shut off all of them with a single button when I am on PTO. Microsoft’s apps require these services to build the container, and I believe Android phones in China do not have play services. It’s not perfect, but I personally think it works very well.
Oh sure, its not bad. It’s just that’s exactly the issue. The hybrid configuration of work apps and personal apps in my experience was mentally draining to explain time after time to people and configure in intune and knox. People frequently used it incorrectly. With iOS it was much more subtle and friendly experience I rarely had any issues with the apple users. Perhaps we were using it wrong, but it was a miserable experience for everyone involved.
We tried the work only configuration that was much more pleasant to maintain but we were threatened with a strike if we didn’t let people install their own apps.
Edit: This was back in the galaxy s7 days so maybe it’s better now.
Maybe read the text? It has nothing to do with prefering iOS. It’s just google refused to comply with China’s spyware requests some time ago (a broken clock and all that), so it’s literally impossible to use android for this in China. Apple on the other hand is happy to suck China’s dick hahahaha, so it’s the only option. Man, you Apple fans are really brainwashed, this is a bad look for Apple hahahah.
Yeah, I’m not a apple fan. I’m just trying to find the silver lining in a crappy situation. “It’s less work managing one environment at least” was the thought.
Personally I strongly prefer Android and I’m happy to see the EU cracking down on Apple.
Oh no! Chinese employees must use a better operating system! How dare they!
Simping for a company is sad bro
TIL: Considering one of two major competitors technically better than the other is “simping” now.
Which one is “better” is subjective, so yes it is simping. There are some things one does better than the other, and some things people prefer over the other
Want a fingerprint sensor? Then people would say Android/Galaxy/Pixel phones are better just for that one thing alone. That’s subjective; an opinion
It’s such a childish, stupid thing to want to be “right” over. Like we’re back to the “Xbox or PlayStation is better” conversation
better, lmao. They’re switching to apple because they want their staff to be obedient little guinea pigs that that won’t tinker with their phones but are tracked and monitored just the same like all Apple users.
So better for surveillance, of course they are. That’s why they’re still allowed to operate and bend over to every request by authoritarian nations. But you do you.