After a round of hefty criticism from the information security community and lawmakers, Microsoft announced it will make a wider variety of security logging available to customers for free starting in September.
The company plans to expand those offerings worldwide in the coming months and allow customers to access Microsoft’s Audit Purview. Access would allow its customers to better visualize cloud log data, considered tables stakes for securing and managing cloud platforms. Standard license holders will get access to more than 30 types of logging previously available to higher paying customers, and all logs will be stored for twice as long, 180 days, by default.
Commercial and government customers with premium licenses will still get additional support in the form of intelligence insights, audit log searching and Office 365 Management Activity’s API.
“These steps are the result of close coordination with commercial and government customers, and with the Cybersecurity and Infrastructure Security Agency (CISA) about the types of security log data Microsoft provides to cloud customers for insight and analysis,” wrote Vasu Jakkal, Microsoft’s vice president of security, compliance, identity and management, in a post published Wednesday morning.
The post includes a quote from CISA Director Jen Easterly, who said she was “extremely pleased” at the expansion of free logging tools.
“While we recognize this will take time to implement, this is truly a step in the right direction toward the adoption of Secure by Design principles by more companies,” the quote from Easterly reads. “We will continue to work with all technology manufacturers, including Microsoft, to identify ways to further enhance visibility into their products for all customers.”
The moves come after Microsoft faced intense criticism following the disclosure of a hacking campaign by Chinese threat actors that successfully compromised a number of federal agencies by leveraging a forged Microsoft authentication tokens to gain unauthorized access to Microsoft 365 email accounts that use Outlook Web Access and Outlook.com. One of the email accounts compromised belonged to Commerce Secretary Gina Raimondo.
However, full visibility of the attack was hindered by the premium pricing that Microsoft placed around many of its security logging options, leaving some victims without the context needed to know if they were affected. One incident responder for an affected customer said it was “invisible” to them because they only had Microsoft’s standard package. Another said they were only able to find evidence of the attack because they had a premium license.
It earned the attention of lawmakers like Sen. Ron Wyden, D-Ore., who fumed that forcing customers to pay for security logging was akin to “selling a car and then charging extra for seatbelts and airbags.”
