Microsoft Strengthens Cloud Logging Against Nation-State Threats

Microsoft has announced plans to enhance cloud logging and improve security visibility for its customers in response to the growing frequency of nation-state cyber threats.

Writing in a blog post published on July 19, 2023, the tech giant said it would increase the secure-by-default baseline of its cloud platforms through closer coordination with commercial and government customers and the US Cybersecurity and Infrastructure Security Agency (CISA).

From a technical standpoint, cloud logging is essential in incident response as it provides detailed and auditable insights into how different identities, applications and devices access a customer's cloud services. 

While logging data may not prevent attacks, it plays a crucial role in digital forensics and incident response by helping investigators examine potential intrusions.

As part of its efforts, Microsoft confirmed it will expand cloud logging accessibility and flexibility for worldwide customers at no extra cost. Over the coming months, customers will have access to broader cloud security logs previously only available at the Premium subscription level. 

Additionally, the default retention period for Audit Standard customers will increase from 90 to 180 days.

Commercial and government customers with E5/G5 licenses who are already using Microsoft Purview Audit (Premium) will retain access to all available audit logging events, including intelligent insights and more extended default retention periods.

In the blog post, the company said the decision to expand cloud logging and make necessary log types available to the broader cybersecurity community came from close collaboration with CISA.

"After working collaboratively for over a year, I am extremely pleased with Microsoft's decision to make necessary log types available to the broader cybersecurity community at no additional cost," commented CISA director Jen Easterly. 

"While we recognize this will take time to implement, this is truly a step in the right direction toward the adoption of secure by design principles by more companies."

Microsoft will begin rolling out the logging updates in September 2023 to all government and commercial customers. Existing and new logs can be accessed through the Microsoft Purview compliance portal.
