The US Cybersecurity an Infrastructure Agency is working alongside with Microsoft to identify critical logging data points which should be included for all Microsoft customers for no cost. Due to these discussions and the recent attacks which resulted in the compromise of corporate and government Microsoft Exchange and 365 accounts, Microsoft is now expanding access to the premium cloud logging to all customers, allowing easier detection of breached networks and accounts. This logging data was used by the US to detect the intrusions and report them to Microsoft.
Previously, these logging features were only available to users who paid for Microsoft’s Purview Audit Logging feature, which was heavily criticized as it impeded organizations to quickly detect advanced attacks.
Microsoft Purview Audit (Standard) now lets Microsoft customers view detailed records of email access and 30 other data points that used to be exclusive to licensed customers.
Microsoft also announced that it will extend the default storage time for Audit Standard customers from 90 to 180 days, giving customers more access to historical data when they need to investigate incidents.