Microsoft to expand logging access for federal agencies

The U.S. government and Microsoft on Wednesday announced the tech giant would finally provide expanded free logging capabilities following years of pressure on the firm to provide the basic security features to federal entities at no additional charge.

The changes will increase visibility into the company’s products, and involve Microsoft retaining logging information for 180 days, rather than 90, and making such information available to all federal agencies.

The new data will strengthen “threat hunting capabilities for business email compromise (BEC), advanced nation-state threat activities, and possible insider risk scenarios,” the company said in a blog post.

The enhanced forensics capabilities that were once reserved for Microsoft’s top paying cloud customers will also be offered to corporate clients. The decision comes after a six-month pilot program where five government agencies used the new tools.

Microsoft initially vowed to provide the features last year after China-based hackers exploited vulnerabilities in the company’s cloud infrastructure to pilfer email data from multiple government agencies and officials, including Commerce Secretary Gina Raimondo.

Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) will publish a playbook to help agencies use the new features.

“Last summer, we were glad to see Microsoft’s commitment to make necessary logging available to federal agencies and the broader cybersecurity community. I am pleased that we have made real progress toward this goal,” Eric Goldstein, CISA’s executive assistant director for cybersecurity, said in a statement.

Microsoft “will continue to play a critical role in partnering with the federal government to reinforce our commitment to secure by design and further enhance the security baseline of our nation,” according to Candice Ling, senior vice president of Microsoft Federal.