Microsoft announced earlier this year that security would become its top priority, after years of problems and mounting criticism in the area. Following that decision, starting today, the Redmond giant is tying its security efforts to employee performance reviews.
Kathleen Hogan, Microsoft’s chief people officer, outlined the company’s expectations for employees in an internal memo. “Everyone at Microsoft will have security as a top priority,” Hogan says. “When faced with a trade-off, the answer is clear and simple: security first.”
Employees’ lack of attention to security could impact promotions, merit-based raises, and bonuses. “The impact on the core security priority will be a key input for managers in determining impact and recommending rewards,” Microsoft said in an internal FAQ about the new policy.
Microsoft has now made security a top priority, alongside diversity and inclusion. Both are now required as part of performance conversations, internally called “Connect,” for every employee, along with priorities agreed upon between employees and their managers.
Microsoft employees will be expected to demonstrate how they have made significant changes in security. For technical employees, this means embedding security in product design processes from the beginning of a project, following established security practices, and ensuring that products are secure by default for Microsoft customers.
“It goes beyond simple compliance, as we ask employees to prioritize security in all the work they do and hold themselves accountable by recording their security impact every time they complete a Connect,” Microsoft’s FAQ reads.
Many of Microsoft’s internal security changes haven’t been made public, but some have impacted multiple products. For example, Microsoft is ending support for Basic Authentication for personal Outlook accounts in September, and will remove the light version of the web app on August 19. Outlook.com, Hotmail, and Live.com users will then have to sign in to their email accounts through apps that use Modern Authentication on September 16, which may impact some third-party email apps and older versions of Outlook, Apple Mail, and Thunderbird.