Microsoft has recently announced an expansion of cloud logging accessibility and flexibility, aiming to provide customers with deeper security visibility. The expansion follows collaboration with commercial and government customers, as well as the Cybersecurity and Infrastructure Security Agency (CISA), to address security concerns and offer enhanced insights and analysis in the cloud.
One of the key advancements resulting from this effort is the wider availability of a Microsoft signing key. This development follows a highly publicized incident involving Chinese hackers exploiting the key to gain unauthorized access to multiple corporate and government Microsoft Exchange and Microsoft 365 accounts, leading to the theft of sensitive email data.
By leveraging the capabilities of the cloud, Microsoft is able to provide automatic software updates and centralized security monitoring. This means that customers using the cloud can benefit from detailed and auditable log data, which provides information on application and device access. This data is crucial for digital forensics and incident response teams, as it helps identify instances where an attacker may be posing as an authorized user.
In an effort to further enhance cloud security, Microsoft will be providing worldwide customers with expanded cloud logging capabilities at no additional cost over the coming months. This move is aimed at giving customers deeper visibility into their security posture and helping them respond effectively to security events, investigations, and compliance obligations.
One of the tools customers can utilize to visualize various types of log data is Microsoft Purview Audit. This tool allows customers to gain insights into their security events and enables more effective responses. The expansion of Purview Audit includes the addition of detailed email access logs and over 30 other types of log data that were previously only available at the premium level. Additionally, the retention period for these logs has been extended from 90 days to 180 days.
For customers already using Audit (Premium), the expansion offers access to all available audit logging events, including insights in the Microsoft Purview compliance portal and Office 365 Management Activity API. Moreover, Premium users will benefit from longer retention periods and automation support for importing log data.
CISA Director Jen Easterly has expressed her satisfaction with Microsoft’s decision to provide necessary log types to the broader cybersecurity community at no additional cost. This development is in line with Microsoft’s commitment to ensuring that its products are secure by design and provide essential security data “out of the box.”
The expansion of cloud logging capabilities will be rolled out to all government and commercial customers throughout September 2023. Both existing and new logs can be accessed through the Microsoft Purview compliance portal, where customers can select Audit from the Solutions panel.
Overall, this expansion by Microsoft marks a significant step towards providing customers with enhanced security visibility in the cloud. By making essential log data more accessible, Microsoft aims to empower organizations to better protect themselves against cyber threats and strengthen their overall security posture.
