Microsoft has worked with the Office of Management and Budget, Office of the National Cyber Director and the Cybersecurity and Infrastructure Security Agency to provide federal agencies access to expanded logging capabilities for Purview Audit.
The new logging capabilities will provide U.S. government customers with insights to detect business email compromise, advanced nation-state threats and possible insider risks, according to a blog post published Wednesday on Microsoft’s website.
Starting in February, CISA said agencies using Microsoft Purview Audit can begin adopting the added capabilities, which will give agencies new telemetry to enable them to meet logging requirements under OMB’s Memorandum M-21-31.
The company has partnered with CISA to develop the Microsoft Expanded Cloud Log Implementation Playbook, which seeks to equip cyber defenders with information on additional logging events and provide them with instructions for enabling SearchQueryInitiatedSharePoint and SearchQueryInitiatedExchange.
The playbook includes KQL-based Advanced Hunting queries that defenders can use to detect threat actor behaviors such as exfiltration and credential access.
“We recognize the vital importance that advanced logging plays in enabling federal agencies to detect, respond to, and prevent even the most sophisticated cyberattacks from well-resourced, state-sponsored actors. For this reason, we have been collaborating across the federal government to provide access to advanced audit logs,” said Candice Ling, senior vice president at Microsoft Federal.
Ling, a 2024 Wash100 awardee, said the company will continue to partner with the federal government to strengthen its commitment to secure by design and further improve the country’s security baseline.