After recent hack that required the logs for detection.
Microsoft is expanding its suite of free security tools for customers, following criticism that it was charging clients to protect themselves against Microsoft’s mistakes.
The move follows a high-level hack that allowed allegedly Chinese spies to steal emails from senior US officials – and complaints from security specialists and lawmakers against paying for advanced logs that aided detection.
In a blog post, Microsoft said the advanced features in Microsoft’s auditing suite – which it calls Microsoft Purview Audit – would be available to all customers “over the coming months.”
Although not enough to prevent hacks on their own, digital auditing tools are critical for helping organisations figure out whether intruders are in their network, how they got in and how to get them out.
Purview Audit (Standard) customers “will receive deeper visibility into security data, including detailed logs of email access and more than 30 other types of log data previously only available” to premium subscribers, Microsoft said.
“In addition to new logging events becoming available, Microsoft is also increasing the default retention period for Audit Standard customers from 90 days to 180 days,” it said.
The changes will start to take effect in September, with “all government and commercial customers” to get access to the more advanced logs.
Microsoft’s previous practice of charging for advanced versions of those tools has come under widespread criticism, especially following the recently disclosed hack at the US State and Commerce Departments.
That hack – which Microsoft later acknowledged was down to a breach and coding flaws – was only discovered because one of the victims spotted an anomaly while reviewing their digital logs.
In a statement released alongside Microsoft’s blog post, Cybersecurity and Infrastructure Security Agency (CISA) official Eric Goldstein said that “everyone wins” when security tools are provided free of charge.
Charging for those tools “is a recipe for inadequate visibility into investigating cyber security incidents,” Goldstein said.