Connect with us


Microsoft Offers Free Logging To All Government Agencies

Avatar of Salman Ahmad



Microsoft Offers Free Logging To All Government Agencies

(CTN News) – After nearly six months of China-linked cyber espionage targeting two dozen organizations, Microsoft has enabled free logging for all U.S. federal agencies using Microsoft Purview Audit.

As part of the change, Microsoft will automatically enable the logs in customer accounts and increase the default log retention period from 90 days to 180 days, the Center for Cybersecurity and Infrastructure Security (CISA) announced.

Moreover, this data will provide new telemetry to assist more federal agencies in meeting the logging requirements set forth in Memorandum M-21-31 of the Office of Management and Budget.

It was disclosed by Microsoft in July 2023 that Storm-0558, a China-based nation-state activity group, gained unauthorized access to approximately 25 U.S. and European entities, as well as a small number of related individual consumer accounts.

Storm-0558 operates with a high level of technical expertise and operational security, according to the company. It is apparent that the actors are well aware of the target’s environment, logging policies, authentication requirements, policies, and procedures.

An unclassified audit log in Microsoft 365 revealed suspicious activity that was reported to Microsoft only a month after the alleged campaign began in May 2023, but was not uncovered until a month later by a U.S. government agency, later revealed to be the State Department.

The breach was detected by leveraging enhanced logging in Microsoft Purview Audit, specifically by relying on the MailItemsAccessed mailbox-auditing action, which is available to Premium subscribers.

It was subsequently acknowledged by Windows that a validation error enabled Storm-0558 to forge Azure Active Directory (Azure AD) tokens by using the MSA consumer key, and then use them to penetrate mailboxes.

It is estimated that the attackers stole at least 60,000 unclassified emails from Outlook accounts belonging to State Department officials stationed in East Asia, the Pacific, and Europe, according to Reuters in September 2023. Allegations made by Beijing have been denied.

Moreover, the company was under intense scrutiny for refusing to grant basic-yet-crucial logging functionality to entities on the more expensive E5 and G5 plans, which prompted the company to amend its policies.

According to Microsoft’s Candice Ling, “we recognize the vital role advanced logging plays in helping federal agencies detect, respond to, and protect themselves against even the most sophisticated cyberattacks launched by well-resourced, state-sponsored actors.”

In order to provide access to advanced audit logs across the federal government, we have been collaborating across the government.”


Bargain Hunting? Buying PayPal In 2024 Makes Sense, But Only If You Believe This.

Salman Ahmad is a seasoned writer for CTN News, bringing a wealth of experience and expertise to the platform. With a knack for concise yet impactful storytelling, he crafts articles that captivate readers and provide valuable insights. Ahmad's writing style strikes a balance between casual and professional, making complex topics accessible without compromising depth.

Continue Reading

CTN News App

CTN News App

Recent News


compras monedas fc 24

Volunteering at Soi Dog

Find a Job

Jooble jobs

Free ibomma Movies