Microsoft announced yesterday that it will give organizations access to expanded cloud logging data at no additional cost, to help prevent potential cyberattacks. The announcement comes in response to criticism the company faced over the lack of security logs for select cloud licenses.
Last week, Microsoft confirmed a series of attacks by a Chinese hacking group that breached the Exchange email accounts of around 25 organizations. The researchers found that Storm-0558 acquired an inactive MSA consumer signing key and used it to gain access to email accounts in Outlook Web Access in Exchange Online and Outlook.com. The espionage campaign highlighted that organizations need detailed logging data to collect evidence of compromise.
Going forward, Microsoft plans to provide standard subscribers with a wide range of cloud logs within Microsoft Purview Audit. Customers will have deeper visibility into detailed logs for email access and 30 other types of log data. Until now, this capability was available only to Purview premium subscribers.
Microsoft will also extend the retention time for logs from 90 days to 180 days. The longer retention period should provide access to historical data to help with incident response investigations. Microsoft has collaborated with the US Cybersecurity and Infrastructure Security Agency (CISA) to boost protection against cyberattacks.
“While we recognize this will take time to implement, this is truly a step in the right direction toward the adoption of Secure by Design principles by more companies. We will continue to work with all technology manufacturers, including Microsoft, to identify ways to further enhance visibility into their products for all customers,” said Jen Easterly, CISA’s Executive Assistant Director for Cybersecurity.
Microsoft plans to roll out the expanded logging access in September for all commercial and government customers. Customers will be able to access new and existing logs within the Microsoft Purview compliance portal.