Security News > 2023 > July > Under CISA pressure collab, Microsoft makes cloud security logs available for free
Microsoft announced on Wednesday it would provide all customers free access to cloud security logs - a service usually reserved for premium clients - within weeks of a reveal that government officials' cloud-based emails were targets of an alleged China-based hack.
Microsoft wrote on its blog it was expanding the service's access beginning in September 2023 to "Increase the secure-by-default baseline" of its cloud platforms "In response to the increasing frequency and evolution of nation-state cyber threats."
The move is the result of close coordination with commercial and government customers, as well as the Cybersecurity and Infrastructure Security Agency, said Microsoft.
In a blog post on the CISA website praising the decision, the org's executive assistant director for cyber security Eric Goldstein cited the recent Microsoft Exchange Online breach.
Redmond said it had determined the actor was forging Azure Active Directory tokens using an acquired Microsoft account consumer signing key, which was made possible by a validation error in Microsoft code.
On Friday, Microsoft admitted it still didn't know how the hackers gained access to the signing key needed to access accounts, and said the investigation was "Ongoing."
News URL
Related news
- CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01 (source)
- How AI Is Changing the Cloud Security and Risk Equation (source)
- Strategies for CISOs navigating hybrid and multi-cloud security (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- AWS unveils cloud security IR service for a mere $7K a month (source)
- Are Long-Lived Credentials the New Achilles’ Heel for Cloud Security? (source)
- Best CSPM Tools 2025: Top Cloud Security Solutions Compared (source)
- CrowdStrike vs Wiz: Which Offers Better Cloud Security and Value? (source)
- CISA orders federal agencies to secure their Microsoft cloud environments (source)
- Microsoft Entra "security defaults" to make MFA setup mandatory (source)