Microsoft Offers Free Logging To All Government Agencies

(CTN News) – After nearly six months of China-linked cyber espionage targeting two dozen organizations, Microsoft has enabled free logging for all U.S. federal agencies using Microsoft Purview Audit.

As part of the change, Microsoft will automatically enable the logs in customer accounts and increase the default log retention period from 90 days to 180 days, the Center for Cybersecurity and Infrastructure Security (CISA) announced.

Moreover, this data will provide new telemetry to assist more federal agencies in meeting the logging requirements set forth in Memorandum M-21-31 of the Office of Management and Budget.

It was disclosed by Microsoft in July 2023 that Storm-0558, a China-based nation-state activity group, gained unauthorized access to approximately 25 U.S. and European entities, as well as a small number of related individual consumer accounts.

Storm-0558 operates with a high level of technical expertise and operational security, according to the company. It is apparent that the actors are well aware of the target’s environment, logging policies, authentication requirements, policies, and procedures.

An unclassified audit log in Microsoft 365 revealed suspicious activity that was reported to Microsoft only a month after the alleged campaign began in May 2023, but was not uncovered until a month later by a U.S. government agency, later revealed to be the State Department.

The breach was detected by leveraging enhanced logging in Microsoft Purview Audit, specifically by relying on the MailItemsAccessed mailbox-auditing action, which is available to Premium subscribers.

It was subsequently acknowledged by Windows that a validation error enabled Storm-0558 to forge Azure Active Directory (Azure AD) tokens by using the MSA consumer key, and then use them to penetrate mailboxes.

It is estimated that the attackers stole at least 60,000 unclassified emails from Outlook accounts belonging to State Department officials stationed in East Asia, the Pacific, and Europe, according to Reuters in September 2023. Allegations made by Beijing have been denied.

Moreover, the company was under intense scrutiny for refusing to grant basic-yet-crucial logging functionality to entities on the more expensive E5 and G5 plans, which prompted the company to amend its policies.

According to Microsoft’s Candice Ling, “we recognize the vital role advanced logging plays in helping federal agencies detect, respond to, and protect themselves against even the most sophisticated cyberattacks launched by well-resourced, state-sponsored actors.”

In order to provide access to advanced audit logs across the federal government, we have been collaborating across the government.”

SEE ALSO:

Bargain Hunting? Buying PayPal In 2024 Makes Sense, But Only If You Believe This.