Microsoft Expands Cloud Logging to Counter Nation-State Cyberthreats

Microsoft Strengthens Cloud Security
Microsoft is expanding access to additional cloud logging data for customers worldwide at no additional cost, allowing easier detection of breached networks and accounts.

In close coordination with commercial and government customers and the Cybersecurity and Infrastructure Security Agency (CISA), the tech giant is enhancing the security baseline of its cloud platforms. 

The primary steps involve expanded accessibility and flexibility in cloud logging, a crucial part of incident response and forensic investigations. While the logs themselves don't prevent cyberattacks, they provide a granular, auditable insight into how different identities, applications, and devices access a customer's cloud services. Their role is vital in tracking and understanding intrusion attempts.

Over the next few months, Microsoft plans to extend access to a broader range of cloud security logs for its worldwide customers, at no extra cost. Once implemented, customers will be able to use Microsoft Purview Audit for a centralized visualization of more types of cloud log data generated across their enterprise.

Microsoft Purview Audit lets customers visualize cloud log data centrally, so they can respond effectively to security events and meet internal and compliance obligations.

The improved log defaults will offer Microsoft Purview Audit (Standard) customers deeper insights into security data, previously only accessible with a premium subscription. This includes detailed logs of email access and 30 other types of log data. Furthermore, Microsoft is doubling the default retention period for these customers from 90 to 180 days.

In the recent China-linked breach, key logging information required to detect the attack was only available to purchasers of Microsoft’s top-tier Microsoft 365 cloud service, known as E5, Microsoft officials said. That left some customers on cheaper plans with no way of figuring out whether they had been hacked.

E5/G5 licensed customers already using Microsoft Purview Audit (Premium) will continue to enjoy access to all available audit logging events. These logs provide intelligent insights, which help to determine the scope of potential compromise, and they support longer default retention periods and automation for importing log data into other analysis tools.

CISA Director Jen Easterly lauded Microsoft's move, calling it a significant stride towards the broader adoption of Secure by Design principles by more companies. She promised continued collaboration with all technology manufacturers, including Microsoft, to improve product visibility for all customers.

These security enhancements will be introduced in September 2023 to all government and commercial customers. Customers can access the expanded logs by visiting the Microsoft Purview compliance portal. 

The tech titan acknowledges that different customers have varying needs and preferences when it comes to where they save their audit logs, how they are analyzed, and their retention period.

Microsoft affirms that cybersecurity is a collective effort requiring trust and transparency, and they are confident that the expanded logging rollout will benefit customers in managing their security needs.

They will continue to keep the community posted on these developments, demonstrating their commitment to creating a safer world for all, leveraging built-in chip-to-cloud technology, their security development cycle, and multifactor authentication default settings.
