
Microsoft Expands Free Logging Capabilities for all U.S. Federal Agencies

Microsoft has recently announced that all U.S. federal agencies using Purview Audit will now be granted free logging capabilities irrespective of the license tier they are subscribed to. This move comes more than six months after a China-linked campaign, which targeted two dozen organizations, was discovered. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has stated that Microsoft will automatically activate the logs in customer accounts and increase the default log retention period from 90 to 180 days. This data will provide new telemetry to help more federal agencies meet logging requirements mandated by [Office of Management and Budget] Memorandum M-21-31.

The campaign, believed to have commenced in May 2023, was detected only a month after a U.S. federal agency, later revealed to be the State Department, uncovered suspicious activity in unclassified Microsoft 365 audit logs and reported it to Microsoft. Microsoft announced in July 2023 that a China-based nation-state activity group known as Storm-0558 had gained unauthorized access to approximately 25 entities in the U.S. and Europe and a small number of related individual consumer accounts.

According to Microsoft, Storm-0558 operates with a high degree of technical tradecraft and operational security. The actors are said to be well aware of the target's environment, logging policies, authentication requirements, policies, and procedures. The attackers were able to steal at least 60,000 unclassified emails from Outlook accounts belonging to State Department officials stationed in East Asia, the Pacific, and Europe. The breach was detected by leveraging enhanced logging in Microsoft Purview Audit, specifically the MailItemsAccessed mailbox-auditing action, which is typically available for Premium subscribers.

Microsoft faced intense scrutiny for restricting critical logging capabilities to entities that subscribed to the more expensive E5 or G5 plan. As a result, the company has made changes. It has extended free logging capabilities to all federal agencies, recognizing the vital importance of advanced logging in enabling them to detect, respond to, and prevent even the most sophisticated cyberattacks from well-resourced, state-sponsored actors.

Want to read more? Check out the original article available at The Hacker News!

Deitasoft © 2024. All Rights Reserved.