The incident may lead to Microsoft offering more logging options to customers without an additional fee…

An article review.

While the importance of maintaining and reviewing event logs has been common knowledge for some time, some vendors still require customers to pay additional fees for what they call “premium” logging–however a recent cyber attack may lead to changes, at least for Microsoft 365 users.

The incident in question targeted an unnamed federal agency–rumored to be the Department of State–and according to a CISA and FBI examination the attack was only uncovered due to logging that until now has only been provided by Microsoft for an additional fee.

This isn’t the first time that access to logging features has factored into security breaches according to experts: the 2020 SolarWinds incident also hinged upon customers being able to access extensive logging data, with members of Congress criticizing Microsoft’s paid logging options as a factor contributing to the severity of the breach.

This time Microsoft appears ready to respond however, with a statement from the CISA suggesting the organization is ready to offer more logging options to customers without an additional fee.  This should benefit many organizations, as according to Microsoft’s own data most 365 customers are not paying for “premium” logging options.

Regardless of whether you are a Microsoft 365 customer or not, this incident certainly highlights how having access to event logs–and having people to review those logs–can make all the difference when it comes to cybersecurity incidents.

Original article by Justin Doubleday writing for Federal News Network

This Article Review was written by Vigilize.

Matt Jolley is the current Vigilize, he is also the recipient of the 2023 Cyb3rP0e+ designation!