Microsoft announced today that it is officially launching its expanded cloud logging capabilities to all Federal agencies this month after working closely with the Cybersecurity and Infrastructure Security Agency (CISA), Office of Management and Budget (OMB), and Office of the National Cyber Director (ONCD) to finalize this effort.
The company first announced the expanded logging features last July, after it discovered that a China-based adversary gained access to the email systems of several Federal government agencies through Microsoft Outlook.
“Last summer, we were glad to see Microsoft’s commitment to make necessary logging available to Federal agencies and the broader cybersecurity community. I am pleased that we have made real progress toward this goal,” CISA Executive Assistant Director for Cybersecurity Eric Goldstein said in a statement.
“We look forward to continued progress with our partners to ensure that every organization has access to necessary security logs – a core tenet of our Secure by Design guidance in support of the National Cybersecurity Strategy,” Goldstein added. “Every organization has the right to safe and secure technology, and we continue to make progress toward this goal.”
Beginning this month, Microsoft will make the expanded logging capabilities available to all agencies using Microsoft Purview Audit regardless of their license tier.
In line with CISA’s Secure by Design guidance, the company said it will automatically enable the logs in customer accounts and increase the default log retention period from 90 days to 180 days.
CISA said this data will also provide “new telemetry” to help agencies meet the logging requirements mandated by OMB Memorandum M-21-31.
To help Federal agencies use the available logs more effectively, Microsoft and CISA will also offer a new Expanded Cloud Log Implementation Playbook that will provide an in-depth look at, and explanation of, each newly available log.
“The upgraded logging features now available to Microsoft’s government community cloud customers will provide greater visibility, and enable our network defenders to enhance their threat detection capabilities,” said Chris DeRusha, Federal chief information security officer and deputy national cyber director.
These cybersecurity logs will offer crucial information to Federal agencies, enhancing “threat hunting capabilities for business email compromise (BEC), advanced nation-state threat activities, and possible insider risk scenarios,” according to Microsoft’s blog.
“We recognize the vital importance that advanced logging plays in enabling Federal agencies to detect, respond to, and prevent even the most sophisticated cyberattacks from well-resourced, state-sponsored actors. For this reason, we have been collaborating across the Federal government to provide access to advanced audit logs,” said Candice Ling, senior vice president of Microsoft Federal.
“Microsoft will continue to play a critical role in partnering with the Federal government to reinforce our commitment to secure by design and further enhance the security baseline of our nation,” Ling added.