Microsoft has told all its employees in China that they will soon only be allowed to use iPhones for work purposes. The ban on Android devices is part of a security-related Microsoft initiative for providing a unified way of managing and verifying employee identities.

The mandate, set to come into effect in September 2024, was announced in an internal memo seen by Bloomberg News. It will require Microsoft’s China-based workers to verify their identities when logging in to work computers or phones. The change is part of Microsoft’s global Secure Future Initiative that is intended, among other things, to ensure that all staff use the Microsoft Authenticator password manager and Identity Pass app.

While Apple’s iOS store is available in China, Google Play isn’t. Local smartphone giants such as Huawei and Xiaomi operate their own platforms in the country, but Microsoft has chosen to block access from those companies’ devices to its corporate resources because they lack Google’s mobile services, reads the memo.

Any staff in the country using Android handsets, including those from Huawei or Xiaomi, will be provided with an iPhone 15, as a one-time purchase. The Redmond giant is designating collection points across China where employees can pick up their iPhones.

Microsoft is also introducing the iPhones-only rule in Hong Kong, despite the Google Play Store being available in the special administrative region of China.

You are viewing a single thread.
View all comments View context
-35 points

It’s not like Microsoft can’t send APKs over-the-air. Whatever the reason, it’s not because of Google Play.

permalink
report
parent
reply
54 points

Man, I’d hate to see an IT department you were in charge of.

I may be completely off the mark, but I’m pretty sure that Intune device management doesn’t allow you to push arbitrary APKs out to managed Android devices. There would still also be the issue of getting the device managed to start with.

Microsoft isn’t about to roll out their own version of the Play Store just to serve APKs to their Chinese employees.

They also are not going to try and manage rolling out updates to whatever cluster mess of different android devices those employees use, tracking update compliance, etc

Any other solution to this involves considerable extra work for their internal IT team(s). Easier to just force everyone needing access to corporate devices to use a single standard (and buy company phones for the few who raise a stink).

permalink
report
parent
reply
2 points

I think that intune has the same control over Android as it does iOS. One a device is enrolled, it can be wiped and sandboxed apps can be approved or denied. I’m not sure about pushing apps to phones, I think the end user had to download it still. Regardless, is not about Microsoft and it’s control, it’s about China and their control, and Apple gets on their knees and opens wide.

permalink
report
parent
reply
30 points

Intune and all other Mobile Device Management services depend on working with the provided APIs from the underlying OS.

For Android, this is the Android Management API and is part of the Google Services Framework, which is what’s blocked in China. No GSF no management API either. MS could build their own, but that’s a lot of time and money for “just” their China based employees

permalink
report
parent
reply
43 points

It’s not just Google play that’s blocked, the entirety of the Google Services Framework is blocked in China, including the security framework that is part of it.

MS would have to build their own bespoke Android security framework in addition. Which is a whole hell of a lot more than just “sending the APK over the air”

permalink
report
parent
reply
6 points

Yes, device management systems can push apps directly to devices, but the devices have to be managed first. So I think it probably is about the lack of Google Play.

One of the hardest parts of managing devices is getting them enrolled in device management in the first place. Microsoft uses the Microsoft Authenticator app to authenticate users as part of the enrollment process, so they know which employee is using the device and how to configure it. They need a reliable app store to distribute that app, and they need to do it before the device is managed. So usually they rely on Google Play.

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 16K

    Monthly active users

  • 12K

    Posts

  • 553K

    Comments