Microsoft has told all its employees in China that they will soon only be allowed to use iPhones for work purposes. The ban on Android devices is part of a security-related Microsoft initiative for providing a unified way of managing and verifying employee identities.
The mandate, set to come into effect in September 2024, was announced in an internal memo seen by Bloomberg News. It will require Microsoft’s China-based workers to verify their identities when logging in to work computers or phones. The change is part of Microsoft’s global Secure Future Initiative that is intended, among other things, to ensure that all staff use the Microsoft Authenticator password manager and Identity Pass app.
While Apple’s iOS store is available in China, Google Play isn’t. Local smartphone giants such as Huawei and Xiaomi operate their own platforms in the country, but Microsoft has chosen to block access from those companies’ devices to its corporate resources because they lack Google’s mobile services, reads the memo.
Any staff in the country using Android handsets, including those from Huawei or Xiaomi, will be provided with an iPhone 15, as a one-time purchase. The Redmond giant is designating collection points across China where employees can pick up their iPhones.
Microsoft is also introducing the iPhones-only rule in Hong Kong, despite the Google Play Store being available in the special administrative region of China.
Man, I’d hate to see an IT department you were in charge of.
I may be completely off the mark, but I’m pretty sure that Intune device management doesn’t allow you to push arbitrary APKs out to managed Android devices. There would still also be the issue of getting the device managed to start with.
Microsoft isn’t about to roll out their own version of the Play Store just to serve APKs to their Chinese employees.
They also are not going to try and manage rolling out updates to whatever cluster mess of different android devices those employees use, tracking update compliance, etc
Any other solution to this involves considerable extra work for their internal IT team(s). Easier to just force everyone needing access to corporate devices to use a single standard (and buy company phones for the few who raise a stink).
I think that intune has the same control over Android as it does iOS. One a device is enrolled, it can be wiped and sandboxed apps can be approved or denied. I’m not sure about pushing apps to phones, I think the end user had to download it still. Regardless, is not about Microsoft and it’s control, it’s about China and their control, and Apple gets on their knees and opens wide.
Intune and all other Mobile Device Management services depend on working with the provided APIs from the underlying OS.
For Android, this is the Android Management API and is part of the Google Services Framework, which is what’s blocked in China. No GSF no management API either. MS could build their own, but that’s a lot of time and money for “just” their China based employees