In a strategic move to fortify cybersecurity defenses within the U.S. federal government, Microsoft has announced the expansion of its free Purview Audit logging capabilities to all federal agencies. This development arrives in the wake of a disclosed breach by Chinese hackers, known as Storm-0558, who managed to access U.S. government emails undetected. The breach occurred within the Microsoft Exchange Online environment between May and June 2023.
Through this expanded logging initiative, Microsoft is partnering with the Cybersecurity and Infrastructure Security Agency (CISA), the Office of Management and Budget (OMB), and the Office of the National Cyber Director (ONCD) to ensure that these entities have access to vital logging data to preempt similar future attacks.
A Unified Response to Cybersecurity Incidents
The announcement specifies that beginning this month, Microsoft will automatically enable these comprehensive logs on customer accounts and extend the default log retention period from 90 days to 180 days. This measure aims to provide additional telemetry data to help federal agencies meet the stringent logging requirements mandated by OMB Memorandum M-21-31. Aligning with CISA’s Secure by Design guidance, this initiative emphasizes the need for technology providers to offer high-quality audit logs without necessitating additional configuration or incurring extra charges.
Reflecting on the Importance of Secure Technology
The need for enhanced cybersecurity measures became abundantly clear following the July revelation about the email data breach perpetrated by Storm-0558. The threat actors used a Microsoft account consumer key stolen from a Windows crash dump to forge authentication tokens, which gave them access to targeted email accounts through Outlook Web Access in Exchange Online and Outlook.com. While the breach mostly went undetected, some U.S. federal agencies were able to identify the malicious activity through advanced logging capabilities, previously available only with Microsoft’s Purview Audit (Premium) licensing.
In response to pressure from CISA and following the incident’s disclosure, Microsoft has now committed to providing broader access to essential logging data at no additional cost. This adjustment aims to empower network defenders across the board, enabling them to detect similar breach attempts proactively. The decision has been met with mixed reactions, with some critics arguing that Microsoft is overdue in making these fundamental security features freely accessible, pointing to the broader issue of software company accountability in cybersecurity.
This advancement represents a significant step toward ensuring that every organization can depend on safe and secure technology infrastructure, a goal that continues to be a priority for stakeholders across the cybersecurity landscape.
Last Updated on November 7, 2024 10:11 pm CET