Microsoft trumpets updated HR-friendly policies (that comply with recently changed laws)

Bins non-competes and promises salary transparency


Microsoft has announced changes to labour relations policy for its US workforce that touch on noncompete clauses, confidentiality agreements and pay transparency.

“Microsoft is announcing new changes and investments aimed at further deepening our employee relationships and enhancing our workplace culture,” wrote HR execs Amy Pannoni and Amy Coleman on the company blog.

The pair wrote that the changes reflect employee feedback.

They also reflect changes to laws in Microsoft’s home state of Washington, specifically with regards to pay transparency and non-disclosure agreements.

Microsoft says it prohibited the practice of asking job applicants for salary history several years ago and will publicly disclose salary ranges in its internal and external US job postings by January 2023. That date coincides with the day amendments to the Washington Equal Pay and Opportunity Act come into effect, requiring employers to disclose information about pay and other benefits in job postings in the state.

Microsoft has been in trouble in the past in this arena. Just last month its professional social network LinkedIn settled with the US Department of Labor over charges it systematically underpaid women in engineering, product and marketing roles.

The other change - again meeting requirements under Washington law - concerns policies on employees’ rights to discuss or share terms and conditions of employment or possible employer misconduct. Or as Microsoft puts it “fostering a safe space for concerns.”

“Separate from employee agreements, there have been times when Microsoft resolved disputes with employees or provided separation benefits through agreements that had typically included confidentiality provisions,” said the company.

“Microsoft’s U.S. settlement and separation agreements no longer include confidentiality language that prohibits workers from disclosing alleged conduct that they perceive is illegal discrimination, harassment, retaliation, sexual assault, or a wage and hour violation occurring in the workplace,” the post explains.

In March 2022, Washington governor Jay Inslee signed the Silence No More Act, which prohibited agreements containing nondisclosure provisions on settlements related to workplace incidents, thereby making it difficult for companies to cover up bad behaviour like wage violations and sexual harassment.

That law goes into effect Thursday 9 June, a day after Microsoft announced the policy change.

In 2019 Microsoft received attention surrounding normalized workplace harassment when an email chain detailed female work experiences full of personal accounts of gender discrimination, sexual harassment and microaggressions. Since then, it was alleged that founder and former CEO Bill Gates himself had a "reputation for questionable conduct in work-related settings."

The other policy change involves the removal of noncompete clauses, which are actually only enforceable in certain jurisdictions to begin with. For example, in California, they are automatically void except in extremely limited situations. In other states it can be less clear cut, but state laws in general trend toward limiting or banning their enforcement.

“While our existing employee agreements have noncompete obligations, we do not endorse the use of such provisions as a retention tool,” said Microsoft, as it announced it is removing them in the US, with the exception of senior leadership.

In addition to the changes, Microsoft said it would conduct a third-party civil rights audit of its workforce policies and practices, guided by U.S. civil rights law with the intent of identifying addressable issues. The Register reached out to Microsoft to find out if there were any plans to extend the policies to international employees and will update if there is a response. ®


Biting the hand that feeds IT © 1998–2022