Security News > 2024 > February > Microsoft finally expands free logging—but only for govt agencies
Microsoft has finally expanded free Purview Audit logging capabilities for all U.S. federal agencies six months after disclosing that Chinese hackers stole U.S. government emails undetected in an Exchange Online breach between May and June 2023.
"Beginning this month, expanded logging will be available to all agencies using Microsoft Purview Audit regardless of license tier," a press release issued today reads.
"Microsoft will automatically enable the logs in customer accounts and increase the default log retention period from 90 days to 180 days. Also, this data will provide new telemetry to help more federal agencies meet logging requirements mandated by OMB Memorandum M-21-31.".
While the hackers mostly evaded detection, some affected U.S. federal agencies identified the malicious activity using enhanced logging.
These advanced logging capabilities were only available to customers with Microsoft's Purview Audit logging licenses, which led to Redmond facing criticism for hindering organizations from promptly detecting Storm-0558's attacks.
Following the incident disclosure and pressured by CISA, Microsoft agreed to broaden access to logging data for free to allow network defenders to spot similar breach attempts in the future.