In response to increasing security threats and concerns, Microsoft has underscored its commitment to security as its top priority. Earlier this year, the company faced significant backlash due to several high-profile security incidents. To address these concerns, Microsoft is now ensuring that every employee is actively involved in maintaining the security and integrity of its devices and services.
A recent internal memo circulated among Microsoft employees indicates that the tech giant is linking its security efforts directly to employee performance reviews. In the memo, Kathleen Hogan, Microsoft’s chief people officer, outlined the company’s expectations for its employees. Failing to adhere to security measures could result in career consequences, including limited promotion opportunities, reduced bonuses, and smaller salary increases, as the company now ties employee performance to security responsibilities.
Microsoft’s internal FAQs state, “It goes beyond compliance, as we are asking employees to prioritize security in all the work that they do and hold themselves accountable by capturing their impact on it whenever they complete a Connect.” This directive underscores the importance of security across all levels of the organization.
To demonstrate their commitment to security, Microsoft employees, particularly those in technical roles, must show they have made meaningful improvements. This includes integrating security measures from the beginning of product development, adhering to established protocols, and ensuring products are secure for customers from the outset.
Earlier this year, a report by the Cyber Safety Review Board highlighted a series of security threats, pointing out that Microsoft’s security culture required significant improvement. These attacks prompted swift action within Microsoft to bolster defenses and prevent further breaches.
The situation escalated when Chinese hackers exploited a Microsoft Cloud vulnerability, breaching US government emails last year. This breach allowed access to the email inboxes of 22 organizations, affecting over 500 individuals, including US government employees involved in national security.
In response to these challenges, Microsoft has implemented numerous internal security enhancements, some of which have had a noticeable impact on consumer-facing products like Outlook. For instance, Microsoft is phasing out Basic Authentication for personal Outlook accounts starting in September and will discontinue the simplified version of the Outlook web app on August 19. This move represents a shift towards more secure authentication methods and an improved user experience.
Starting September 16, users of Outlook.com, Hotmail, and Live.com will need to access their email accounts through apps using Modern Authentication. This change may affect some third-party email apps and older versions of Outlook, Apple Mail, and Thunderbird.
By integrating security into employee performance reviews and implementing robust security measures, Microsoft aims to strengthen its defenses and ensure the safety and security of its products and services.
