Critical Infrastructure Security, Incident Response, Email security

Microsoft backtracks: Premium security logging is now free

Microsoft logo on the side of a building

After a round of hefty criticism from the information security community and lawmakers, Microsoft announced it will make a wider variety of security logging available to customers for free starting in September.

The company plans to expand those offerings worldwide in the coming months and allow customers to access Microsoft’s Audit Purview. Access would allow its customers to better visualize cloud log data, considered tables stakes for securing and managing cloud platforms. Standard license holders will get access to more than 30 types of logging previously available to higher paying customers, and all logs will be stored for twice as long, 180 days, by default.

Commercial and government customers with premium licenses will still get additional support in the form of intelligence insights, audit log searching and Office 365 Management Activity’s API.

“These steps are the result of close coordination with commercial and government customers, and with the Cybersecurity and Infrastructure Security Agency (CISA) about the types of security log data Microsoft provides to cloud customers for insight and analysis,” wrote Vasu Jakkal, Microsoft’s vice president of security, compliance, identity and management, in a post published Wednesday morning.

The post includes a quote from CISA Director Jen Easterly, who said she was “extremely pleased” at the expansion of free logging tools.

“While we recognize this will take time to implement, this is truly a step in the right direction toward the adoption of Secure by Design principles by more companies,” the quote from Easterly reads. “We will continue to work with all technology manufacturers, including Microsoft, to identify ways to further enhance visibility into their products for all customers.”

The moves come after Microsoft faced intense criticism following the disclosure of a hacking campaign by Chinese threat actors that successfully compromised a number of federal agencies by leveraging a forged Microsoft authentication tokens to gain unauthorized access to Microsoft 365 email accounts that use Outlook Web Access and Outlook.com. One of the email accounts compromised belonged to Commerce Secretary Gina Raimondo.  

However, full visibility of the attack was hindered by the premium pricing that Microsoft placed around many of its security logging options, leaving some victims without the context needed to know if they were affected. One incident responder for an affected customer said it was “invisible” to them because they only had Microsoft’s standard package. Another said they were only able to find evidence of the attack because they had a premium license.

It earned the attention of lawmakers like Sen. Ron Wyden, D-Ore., who fumed that forcing customers to pay for security logging was akin to “selling a car and then charging extra for seatbelts and airbags.”

Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds