Microsoft Loosens Privacy Policies, Provides Free Key Logging Feature to All Microsoft 365 Users

Microsoft Addresses Logging Concerns and Chinese Espionage Campaign

Microsoft Responds to Customer Feedback

Microsoft has dropped the fees associated with expanded logging access for all levels of 365 license holders, following complaints that the cloud service provider was effectively imposing a “logging tax” on customers. This move comes in response to demands from commercial and government customers who highlighted the importance of having detailed logging capabilities to gather evidence of compromise. Microsoft‘s decision to make it more economical for organizations to access logging data is a step in the right direction for enhancing security measures.

The Threat of Chinese APT Group Storm-0558

Recent updates from the Cybersecurity and Infrastructure Security Agency (CISA) have brought to light an espionage campaign conducted by the Chinese APT group Storm-0558 against Microsoft 365. This campaign highlights the urgent need for organizations to have access to detailed logging in order to identify and mitigate potential security breaches. The proliferation of sophisticated cyber threats necessitates robust logging capabilities to ensure comprehensive insight into security events.

Microsoft Enhancements to Logging Access

Microsoft has acknowledged the need to improve access to logging data and has taken significant steps towards this goal. The company plans to provide deeper visibility into security data for customers using Microsoft Purview Audit Standard, offering detailed logs of email access and more than 30 other types of log data that were previously exclusive to Purview premium subscribers. This expanded access to logging data will significantly enhance an organization’s ability to respond to security events and investigate breach incidents.

Extended Retention Time for Logs

In addition to expanding logging access, Microsoft has announced an extension of log retention time from 90 days to 180 days. This increased duration allows organizations to have a longer window of historical data for analysis and investigation purposes. By doubling the retention period, Microsoft demonstrates its commitment to improving logging capabilities to meet the evolving needs of customers in an ever-changing threat landscape.

CISA’s Support of Microsoft‘s Actions

CISA’s executive assistant director for cybersecurity, Eric Goldstein, has expressed his support for Microsoft‘s efforts to improve logging access. He believes that every organization should have access to products that prioritize security and come with necessary security data “out of the box.” Goldstein sees Microsoft‘s announcement as a significant step forward in advancing the security of communities, companies, and the country as a whole. This endorsement from a prominent cybersecurity agency validates the importance of comprehensive logging capabilities for detecting and mitigating cyber threats.

Importance of Logging and Protection of Privacy

The significance of detailed logging cannot be overstated when it comes to improving an organization’s security posture. Logging provides vital insights into potential security incidents, allowing organizations to investigate breaches, identify threat actors, and take appropriate remediation measures. By extending logging access and retention time, Microsoft is effectively empowering organizations to proactively protect their environments against cyber threats.

However, it is essential to strike a balance between logging for security purposes and protecting privacy rights. While comprehensive logging is crucial for threat detection and incident response, organizations must also ensure they adhere to privacy policies and regulations. Collecting and storing vast amounts of data carries inherent risks, including the potential for abuse or unlawful access. Organizations should implement appropriate measures to safeguard logging data, including encryption, access controls, and regular auditing to monitor for any unauthorized activities.

Advice for Organizations

Organizations should take full advantage of Microsoft‘s enhanced logging capabilities to bolster their cybersecurity defenses. By leveraging the detailed logs available, companies can gain valuable insights into security events, enhance their incident response capabilities, and strengthen their overall security posture.

However, it is vital to implement logging practices in a manner that aligns with privacy regulations and policies. Organizations must carefully consider the collection, storage, and disposal of logging data to mitigate privacy risks. Employing strong encryption, robust access controls, and regular audits are essential measures to protect logging data from unauthorized access and misuse.

Conclusion

Microsoft‘s decision to drop fees associated with expanded logging access and extend log retention time is a significant step forward in addressing customer concerns and enhancing cybersecurity. By providing deeper visibility into security data, Microsoft enables organizations to investigate and respond effectively to security events. As cyber threats continue to evolve, an organization’s ability to access and analyze detailed logging data will be crucial in safeguarding sensitive information and protecting against potential breaches. However, organizations must carefully balance the use of logging data with privacy considerations to ensure compliance with regulatory requirements.