Based on a collaborative partnership between CISA and Microsoft, many Microsoft customers will now have access to expanded cloud logging capabilities at no additional charge, which will enhance cyber defense and incident response. The expanded access comes in response to a cyber incident in June involving a government agency where advanced persistent threat (APT) actors accessed and exfiltrated unclassified Exchange Online Outlook data.
According to CISA’s press release, Microsoft’s decision is a significant step toward advancing security by design principles and a strong example of effective partnership resulting in better cybersecurity at a national scale. Over the past several years, operational teams at CISA identified several security logs that are critical for detecting and preventing threat activity but cost extra for organizations using the Microsoft basic enterprise license. For example, in the aforementioned incident, an affected government agency used available logging data to quickly enable remediation actions to limit damage. Beginning in September, these additional logging capabilities will be available at no extra cost to federal government customers and Microsoft commercial customers.
The move toward a secure by design cyber ecosystem took a step forward with the announcement that Microsoft would make logging more accessible to all organizations. Working together, CISA helped Microsoft identify the logs that had been most helpful in discovering malicious cyber activity, and Microsoft responded by including those logs as standard for its basic enterprise customers. This business decision, focused on security by design, is also an excellent example of corporate cyber responsibility. As these enhancements are implemented, members are highly encouraged to use Microsoft Purview Audit to centrally visualize more types of cloud log data generated across their network environments. Read more at CISA.