Cybersecurity breach in May 2023, Microsoft has recently broadened its free logging capabilities for Purview Audit standard customers, including U.S. federal agencies. The breach, orchestrated by Chinese hackers who stole undetected U.S. government emails, prompted Microsoft to collaborate with CISA, OMB, and ONCD to ensure federal agencies have access to crucial logging data. Starting this month, all agencies using Microsoft Purview Audit will benefit from automatically enabled logs with an extended retention period from 90 to 180 days. This initiative not only meets the logging requirements mandated by OMB Memorandum M-21-31 but also aligns with CISA’s Secure by Design guidance, emphasizing the necessity for technology providers to offer high-quality audit logs without additional charges.
The expansion comes after Microsoft faced criticism for limited access to advanced logging capabilities during the Exchange Online breach. In July, it was disclosed that a Chinese hacking group, Storm-0558, accessed and stole Outlook data from approximately 25 organizations, including government agencies. The new logging feature aims to empower network defenders to promptly detect and respond to similar breach attempts in the future, addressing concerns raised by CISA. Microsoft’s commitment to cybersecurity and collaboration with federal entities demonstrates a proactive approach in ensuring the safety and security of technology for organizations.
