Microsoft has decided to remove the fees associated with expanded logging access for all levels of 365 license holders, following complaints that the company was essentially imposing a “logging tax” on its customers. This move by Microsoft comes after the Cybersecurity and Infrastructure Security Agency (CISA) released an update on an ongoing espionage campaign targeting Microsoft 365 by a Chinese Advanced Persistent Threat (APT) group known as Storm-0558. This campaign emphasizes the importance for organizations to have access to detailed logging to gather evidence of compromise.
Microsoft has recognized the need to make logging data more economically accessible. In a statement to Dark Reading, the company stated, “These steps are the result of close coordination with commercial and government customers, and with CISA about the types of security log data Microsoft provides to cloud customers for insight and analysis as the threat landscape continues to evolve.”
Going forward, Microsoft Purview Audit Standard customers will have deeper visibility into security data, including detailed logs of email access and more than 30 other types of log data that were previously available only to Purview premium subscribers. Microsoft explained that these audit logs enable enterprises to visualize cloud log data, helping customers effectively respond to security events and investigate any data breaches. Additionally, Microsoft will extend the retention time for logs from 90 days to 180 days.
Eric Goldstein, the executive assistant director for cybersecurity at CISA, commended Microsoft’s decision. In a statement of support, Goldstein said, “We believe that every organization deserves to have products that are secure by design and come with necessary security data ‘out of the box.’ Microsoft’s announcement today is an important step forward in advancing the security of our communities, companies, and country, recognizing our shared work yet to come.”
This move by Microsoft has been welcomed by many in the cybersecurity industry. It demonstrates the company’s commitment to improving the security of its customers’ data and providing them with the necessary tools to effectively respond to threats. The decision to remove the fees associated with expanded logging access will help ensure that all organizations, regardless of the level of their 365 license, have access to crucial logging data.
Having detailed logging data is crucial for incident response and forensic investigations. It allows organizations to identify and analyze any suspicious activities, track the movement of threats within their systems, and determine the extent of a breach. By extending the retention time for logs, Microsoft is providing customers with a longer window of opportunity to review and analyze relevant data.
The support from CISA further reinforces the significance of Microsoft’s decision. CISA plays a crucial role in the security of our nation’s critical infrastructure and works closely with both commercial and government entities to enhance cybersecurity measures. Their endorsement of Microsoft’s move indicates that this decision will have a positive impact on overall security.
The threat landscape is constantly evolving, and organizations must adapt to stay ahead of cybercriminals. Being able to access detailed logging data is essential in detecting and mitigating potential threats. Microsoft’s initiative to provide expanded logging access and extend log retention time will undoubtedly help organizations bolster their cybersecurity defenses and enhance their incident response capabilities.
In conclusion, Microsoft’s decision to drop the fees associated with expanded logging access for all levels of 365 license holders is a significant step in improving cybersecurity measures for its customers. By providing deeper visibility into security data and extending log retention time, Microsoft is empowering organizations to effectively respond to security events and investigate potential breaches. This move has garnered support from CISA, highlighting its importance in advancing the security of our communities, companies, and country.