Microsoft will require its employees in China to only use iPhones due to their enhanced security features.
The move comes as Microsoft undertakes a major cybersecurity overhaul. The project, internally known as the Secure Future Initiative, comes after Microsoft faced scrutiny for its subpar security practices. Microsoft’s new policy, which will go into effect in September, means that employees in China will only be allowed to use iPhones for work, as first reported by Bloomberg. The new rule is meant to effectively limit the number of Android phones used by Microsoft’s Chinese employees.
Microsoft will begin requiring employees to verify their identities and use two-factor authentication when logging into their work phones.
Microsoft had to ask its employees to only use iPhones for work because certain security apps like Microsoft Authenticator and the Identity Pass app weren’t available on any other operating systems in China. In the U.S. and other countries, those two apps are also available on Google Play. But Google Play doesn’t operate in China, which means Microsoft’s employees could only get the relevant security apps on an Apple iPhone.
“Due to the lack of availability of Google Mobile Services in this region, we look to offer employees a means of accessing these required apps, such as an iOS device,” a Microsoft spokesperson told Fortune in an email.
Employees in China who don’t have an iPhone will be given one by Microsoft, according to Bloomberg.
Chinese Android phones made by companies like Huawei and Xiaomi operate their own platforms. Microsoft’s banning of Chinese smartphones is emblematic of a diverging digital ecosystem between China and the U.S. where the two governments and major corporations that work with them have become increasingly wary of allowing the other to access sensitive materials.
China has its own search engines and social media platforms, where U.S. giants like Facebook are banned. Its internet censors are legendary for their breadth and strictness. Meanwhile, in the U.S. the White House has limited exports of the most sophisticated semiconductor technology to Chinese companies. And Congress passed a bill that would force the sale of the Chinese-owned TikTok to an American buyer over concerns the social media platform could be used to influence public opinion.
Cyber security became a top priority for Microsoft after it was found its cloud systems were breached by state-backed Chinese hackers last year. The cyber attack came ahead of Secretary of State Anthony Blinken’s visit to Beijing in June 2023, further exacerbating tensions between the U.S. and China. The hack raised major red flags about Microsoft’s security practices. In April a federal agency released a scathing report that found “Microsoft’s security culture was inadequate.”
In March, a U.S. federal court charged a group of Chinese hackers for a separate set of cyber attacks that took place in 2018. The Chinese embassy in Washington D.C. said the charges were baseless. “Without valid evidence, the U.S. jumped to an unwarranted conclusion and made groundless accusations against China,” Liu Pengyu, a spokesperson for the embassy said at the time.
As the relationship between the U.S. and China becomes more fraught, both sides have tried to firewall the others’ cyber capabilities. Since 2023, Chinese government-backed companies have ordered employees to stop using foreign smartphones from manufacturers like Apple and Samsung. Meanwhile China has attempted to surveil parts of the U.S. with its own surreptitious methods. Early last year China sent several spy balloons into the U.S. Even electric vehicles and connected cars have been caught in the crosshairs, seen as a covert way to surveil Americans. The Biden administration is weighing a ban of all Chinese smart cars after a national security investigation found they collect data on passengers and use external sensors to gather information on U.S. infrastructure. A recent Fortune investigation found China’s self-driving cars have already traveled 1.8 million miles on American roads.
Those tensions have only grown after a report published on Tuesday by an Australian-led consortium of intelligence agencies including those from the U.S., U.K., Japan, and Germany detailed repeated cyber attacks from China’s top spy agency.
