- CISA publishes new guide for government agencies and companies
- Guide addresses Microsoft's expanded cloud logging
- Microsoft expanded its cloud logs after the July 2023 Outlook incident
Microsoft has recently expanded logging capabilities for its cloud services, which could mean significant changes for US government organizations.
In July 2023, a Chinese state-sponsored threat actor found a way to access email accounts belonging to government officials working at the State Department and the Department of Commerce. The fallout was significant, resulting in Microsoft expanding free logging capabilities to all Purview Audit Standard users, among other changes.
Now, the US Cybersecurity and Infrastructure Security Agency (CISA) has published its guidance, explaining to government agencies and companies how to take advantage of the changes.
Navigating expanded logs
The new guide is a 60-page manual, so the changes could be quite significant.
“These capabilities also allow organizations to monitor and analyze thousands of user and administrator operations performed across dozens of Microsoft services and solutions,” CISA said. “These logs provide new telemetry to enhance threat hunting capabilities for business email compromise (BEC), advanced nation-state threat activities, and potential insider risk scenarios.”
The guide also discusses navigating expanded logs within Microsoft 365 and using them with Microsoft Sentinel and Splunk Security Information and Event Management (SIEM) systems.
In July 2023, the Chinese cyber espionage group Storm-0558 exploited a vulnerability in Microsoft's Outlook email system to gain unauthorized access to email accounts belonging to US government agencies and other organizations. The attackers used a stolen Microsoft security key to spoof authentication tokens, bypassing security measures.
As a result, Microsoft was forced to revoke the compromised security key, strengthen its token validation systems, and improve transparency by providing detailed incident reports and security updates to affected customers. Additionally, it faced scrutiny over its cloud security practices and was pressured to improve safeguards to prevent similar breaches in the future.
Microsoft also launched its Secure Future Initiative (SFI) in November 2023, a comprehensive cybersecurity program aimed at improving security resilience across all of its products and services. The company invested heavily in advanced threat detection, prevention and response capabilities.
Via BleepingComputer