October 19, 2023 at 04:27PM
Microsoft is extending Purview Audit log retention following the breach of Exchange and Microsoft 365 accounts by the Chinese hacking group Storm-0558. The affected organizations included government agencies, among them the U.S. State and Commerce Departments. The changes will roll out to customers with Standard licenses, providing longer retention of audit logs and broader access to cloud logging data. The update aims to minimize risk, aid the investigation of security breaches, and enhance network defenders' capabilities.
Key Takeaways from the Meeting Notes:
– Microsoft is extending Purview Audit log retention in response to the Chinese Storm-0558 hacking group breaching corporate and government accounts.
– The list of affected organizations includes government agencies in the U.S. and Western Europe, among them the U.S. State and Commerce Departments.
– The hacking group used a consumer signing key obtained from a Windows crash dump after compromising a Microsoft engineer’s corporate account.
– The changes to audit logging retention will be rolled out to Microsoft Purview Audit customers with Standard licenses in the coming weeks.
– Access to cloud logging data will be broadened at no cost to help network defenders identify future breach attempts.
– Microsoft customers with Purview Audit (Standard) licenses will gain access to additional logs of email access and other events previously only available to Premium license holders.
– The staged rollout process will reach its last phase in September 2024, including expanded cloud security activity logs for Microsoft Exchange and SharePoint.