February 24, 2024 at 07:21AM
Microsoft has expanded free logging capabilities to all U.S. federal agencies using Microsoft Purview Audit, regardless of license tier. This comes after a China-linked cyber espionage campaign targeting organizations. The move includes automatically enabling logs in customer accounts and increasing log retention to 180 days, helping federal agencies meet logging requirements.
The key takeaways are:
1. Microsoft has expanded free logging capabilities for U.S. federal agencies using Microsoft Purview Audit, irrespective of the license tier.
2. The default log retention period has been increased from 90 days to 180 days.
3. The enhanced logging in Microsoft Purview Audit, specifically using the MailItemsAccessed mailbox-auditing action, played a crucial role in detecting the breach.
4. Microsoft acknowledged a validation error in its source code that allowed the attackers to forge Azure AD tokens.
5. Microsoft faced intense scrutiny over basic logging capabilities being reserved for entities on more expensive plans, prompting the company to make changes and collaborate with the federal government to provide access to advanced audit logs.