Jul 19, 2023 - Technology

Microsoft will expand access to security logs after China-based hack


Microsoft logo on the facade of an office building. Photo by Silas Stein/picture alliance via Getty Images.

Microsoft said Wednesday it will offer customers wider access to security logs for free in September in an effort to help them better find hackers on their networks.

Why it matters: The announcement follows a recent wave of criticism over the company's tier-priced logging practices after a disclosure this month that a China-based espionage group hacked government Exchange email accounts.

  • Federal officials have said that the U.S. government was only able to identify the breaches after studying the security logs — which record activity that happens on a server — that were only available to premium customers.

What's happening: Microsoft plans to make more than 30 different log data types available for free to customers who have a license for Microsoft's lower-cost cloud services.

  • Previously, this information was only offered to premium license holders of Microsoft Purview Audit.
  • Microsoft will also start storing up to 180 days of logging activity by default, double the previous limit of 90 days.

What they're saying: "Today’s news comes as a result of our close partnership with CISA, which has called for the industry to take action in order to better protect itself from potential cyberattacks," Vasu Jakkal, corporate vice president of security at Microsoft, wrote in its announcement.

  • "It also reflects our commitment to engaging with customers, partners, and regulators to address the evolving security needs of the modern world," she added.

The big picture: Security logs help cyber defenders spot anomalous activity on their networks, as well as conduct forensic work to see if they were impacted by recently identified threats.

  • In the case of last week's China-related breach, some federal agencies could not identify if they were affected because they didn't have access to all the logging data they needed.

Catch up quick: Given Microsoft's role as a major cloud provider for the U.S. government, the Cybersecurity and Infrastructure Security Agency (CISA) has spent the last few months working with the company to identify what kind of log data should be included in its baseline offerings.

  • "Asking organizations to pay more for necessary logging is a recipe for inadequate visibility into investigating cybersecurity incidents and may allow adversaries to have dangerous levels of success in targeting American organizations," said Eric Goldstein, CISA's executive assistant director for cybersecurity, in a blog post.