Microsoft's new expanded logging capabilities could mean big changes for US government devices

  • CISA releases new playbook for government firms and enterprises
  • The guidebook addresses expanded cloud logs from Microsoft
  • Microsoft expanded its cloud logs after July 2023 Outlook incident

Microsoft has recently expanded logging capabilities for its cloud services, which could mean significant changes for US government organizations.

In July 2023, a Chinese state-sponsored threat actor found a way to access email accounts belonging to government officials working in the State Department and the Department of Commerce. The fallout was major, and resulted in Microsoft expanding free logging capabilities for all Purview Audit Standard users, among other changes.

Now, the US Cybersecurity and Infrastructure Security Agency (CISA) has released its guidance, explaining to government agencies and enterprises how to take advantage of the changes.

The new guidance is a 60-page playbook, so the changes could be quite major.

"These capabilities also allow organizations to monitor and analyze thousands of user and admin operations performed in dozens of Microsoft services and solutions," CISA said. "These logs provide new telemetry to enhance threat-hunting capabilities for business email compromise (BEC), advanced nation-state threat activities, and possible insider-risk scenarios."

The guidance also discusses navigating the expanded logs within Microsoft 365, and using them with both Microsoft Sentinel and Splunk Security Information and Event Management (SIEM) systems.

In July 2023, the Chinese cyber espionage group Storm-0558 exploited a vulnerability in Microsoft's Outlook email system to gain unauthorized access to email accounts belonging to U.S. government agencies and other organizations. The attackers used a stolen Microsoft security key to forge authentication tokens, bypassing security measures.

As a result, Microsoft was forced to revoke the compromised security key, bolster its token validation systems, and enhance transparency by providing detailed incident reports and security updates to affected customers. Additionally, it faced scrutiny over its cloud security practices and was pressured to improve safeguards to prevent similar breaches in the future.

Microsoft also launched its Secure Future Initiative (SFI) in November 2023, a comprehensive cybersecurity program aimed at enhancing security resilience across its products and services. It invested heavily in advanced threat detection, prevention, and response capabilities.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
