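Microsoft has made it clear that it plans to make security its top priority. After years of security issues and mounting criticism, starting today the software giant is tying security measures to employee performance reviews.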
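Microsoft Chief People Officer Kathleen Hogan outlined the company's expectations of employees in an internal memo. “Everyone at Microsoft will have security as a Core Priority,” Hogan said. “When faced with a tradeoff, the answer is clear and simple: security above all else.”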
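If Microsoft employees lack security awareness, it could affect promotions, performance-based raises, and bonuses. In its new policy FAQ, Microsoft tells employees: “Delivering impact for the Security Core Priority will be a key input for managers in determining impact and recommending rewards.”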
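Microsoft now lists security alongside diversity and inclusion as one of its key priorities. All of these need to be part of every employee's performance conversations, known internally as “Connect”, along with the other priorities agreed between employees and their managers.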
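“This is not just a compliance matter, because we are asking employees to prioritize security in all of their work and to hold themselves accountable by recording their impact each time they complete a Connect,” Microsoft's FAQ reads.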
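Microsoft employees must demonstrate how they have made impactful security changes. For technical employees, this means building security into the product design process at the start of a project, following established security practices, and ensuring that products are secure by default for Microsoft customers.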
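All Microsoft employees need to use the company's Connect tool for performance reviews, including executives, who have their own security priorities to complete. As part of the Secure Future Initiative, Microsoft is already improving its security measures to better protect Microsoft's networks, production systems, engineering systems, and more.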
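Many of Microsoft's internal security changes have not been made public, but some have already affected products such as Outlook. Microsoft will end support for basic authentication for Outlook personal accounts in September and will remove the light version of the Outlook web app on August 19.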
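Starting September 16, Outlook.com, Hotmail and Live.com users will need to access their email accounts through apps that use modern authentication, which may affect some third-party email applications and older versions of Outlook, Apple Mail and Thunderbird.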
Here is Hogan's full memo:
At Microsoft, we deliver mission-critical infrastructure that the world depends on to achieve more. With that trust in us comes a great responsibility: to protect our customers, our company, and our world from cyber threats. As Microsoft employees, we all have a role in that responsibility.
As Satya referenced in his May 3 email and again during his FY25 kick off on July 9, security is our number-one priority, and everyone at Microsoft will have security as a Core Priority. When faced with a tradeoff, the answer is clear and simple: security above all else. Our commitment to security is enduring. New and novel attacks will require us to continue to learn, innovate, and defend. Yet working together, we will make nonlinear improvements, stay alert, and meet the expectations of our customers. They are counting on us, and our future depends on their trust.
Our new Security Core Priority reinforces our commitment to security and holds us accountable for building secure products and services. It is now available in the Connect tool for most employees, and we are partnering with geo HR teams to expand access to all employees globally. The Security Core Priority is not a check-the-box compliance exercise; it is a way for every employee and manager to commit to—and be accountable for—prioritizing security, and a way for us to codify your contributions and to recognize you for your impact. We all must act with a security-first mindset, speak up, and proactively look for opportunities to ensure security in everything we do.
The core priority will have two parts:
Core and common elements that apply to all employees
An optional section for employees to further specify how they will activate the Security Core Priority based on their role, team, org, etc.
All employees will set their Security Core Priority as part of their first FY25 Connect, with the intent that during regular Connect conversations, you and your manager will discuss your Security Core Priority progress and impact. This process will follow the same approach as our other company-wide core priorities for Diversity & Inclusion and Managers. You can learn more about the Security Core Priority here, including FAQs and Security Core Priority activation examples for three main types of roles: technical, customer and partner-facing, and all other roles.
As we kick off our 50th year as a company, I know we all feel honored and humbled that we are still here—as a relevant and consequential company—pursuing our mission together. When we empower every person and organization on the planet to achieve more, we take on society’s biggest challenges and empower the world. What a big, bold, and meaningful mission we have, and yet none of us can take this for granted. We are here because our customers trust us, and we must continue to earn their trust every day.
Thank you for your commitment to our Security Core Priority that will help protect Microsoft, our customers, and our partners.
Kathleen