Security News > 2024 > February > Microsoft begins broadening free cloud logging capabilities

After select US federal agencies tested Microsoft's expanded cloud logging capabilities for six months, Microsoft is now making them available to all agencies using Microsoft Purview Audit - regardless of license tier.

Microsoft first announced the expanded cloud logging capabilities in July 2023, after it revealed that Chinese hackers accessed email accounts belonging to 25 organizations and government agencies.

"The new logging capabilities will now offer government Microsoft M365 E3 customers the ability to gain insights into detailed logs pertaining to the access of email, and to the user entered search strings in both SharePoint and Exchange if configured."

Most additional logging capabilities will be enabled by default.

"Lastly, the playbook provides a threat actor behavior driven approach for leveraging the added logging capabilities in detecting even the most advanced state-sponsored activities. These behaviors include Credential Access, Exfiltration, and Impact providing both proactive and reactive analytical methodologies for each. In addition, the playbook provides cyber defenders with KQL-based Advanced Hunting queries which can be used as a template for detecting the threat actor behaviors described in the scenario," Kahsen noted.

"We have prioritized our federal customers, and we are striving to ensure those who are not currently leveraging an E5 license receive this logging expansion as quickly as possible," Kahsen pointed out, and said that all remaining customers in GCC, GCC-H, and DoD environments will get expanded logging capabilities in the next 30 days.

News URL

https://www.helpnetsecurity.com/2024/02/22/microsoft-expanded-cloud-logging/