Microsoft is expanding cloud logging to give customers deeper security visibility

In response to the increasing frequency and evolution of nation-state cyberthreats, Microsoft is taking additional steps to protect their customers and increase the secure-by-default baseline of its cloud platforms. These steps are the result of close coordination with commercial and government customers, and with the Cybersecurity and Infrastructure Security Agency (CISA) about the types of security log data Microsoft provides to cloud customers for insight and analysis.    

Moving to the cloud gives organizations significant advantages in terms of performance, automatic software updates, and centralized security monitoring. Log data plays an important role in incident response because it provides granular, auditable insight into how different identities, applications, and devices access a customer’s cloud services. These logs themselves do not prevent attacks, but they can be useful in digital forensics and incident response when examining how an intrusion might have occurred, such as when an attacker is impersonating an authorized user.   

Microsoft has said that they are expanding Microsoft’s cloud logging accessibility and flexibility even further. Over the coming months, they will include access to wider cloud security logs for their worldwide customers at no additional cost. As these changes take effect, customers can use Microsoft Purview Audit to centrally visualize more types of cloud log data generated across their enterprise.

Microsoft Purview Audit enables customers to centrally visualize cloud log data generated across their enterprise, thus helping them effectively respond to security events, forensic investigations, internal investigations and compliance obligations. Thousands of user and admin operations performed in dozens of Microsoft 365 services and solutions are captured, recorded and retained in customers unified Purview Audit logs. 

Microsoft will begin rolling out these logging updates in September 2023 to all government and commercial customers. To access existing and new logs as they become available, visit the Microsoft Purview compliance portal and select Audit from the Solutions panel. Microsoft has historically provided security log data to customers, with options to maintain logs through Microsoft’s storage services or with other security and storage vendors, depending on preferences. Different customers have varying preferences and needs for where they save their audit logs, how they are analyzed, and how long they are retained. They know customers have multiple issues to consider, including data storage capacity and which Microsoft or third-party log management tools they want to use, and our newly expanding, flexible logging options help customers decide what is best for their requirements. 

Learn more about Microsoft Purview Audit.

To learn more about Microsoft Security solutions, visit their website.