Microsoft has announced the expansion of free logging capabilities for all Purview Audit standard customers, including U.S. federal agencies, six months after revealing a breach in which Chinese hackers stole U.S. government emails undetected. The logging extension is part of Microsoft’s collaboration with CISA, the Office of Management and Budget (OMB), and the Office of the National Cyber Director (ONCD) to provide federal agencies with essential data to detect and prevent similar attacks. The changes include automatic activation of logs in customer accounts, an increase in the default log retention period from 90 to 180 days, and the provision of new telemetry to help agencies meet the logging requirements outlined in OMB Memorandum M-21-31.
This initiative aligns with CISA’s Secure by Design guidance, which emphasizes the need for technology providers to offer high-quality audit logs without additional configuration or extra charges. The move follows a July disclosure in which Microsoft revealed that a Chinese hacking group had accessed and stolen Exchange Online Outlook data from approximately 25 organizations, including U.S. and Western European government agencies. The breach prompted criticism because enhanced logging capabilities were initially available only to customers with Microsoft’s Purview Audit (Premium) logging licenses. In response to pressure from CISA, Microsoft decided to broaden access to logging data for free, allowing network defenders to better detect and respond to security threats.