Microsoft extends Purview Audit log retention after July breach

Microsoft is extending Purview Audit log retention as promised after the Chinese Storm-0558 hacking group breached dozens of Exchange and Microsoft 365 corporate and government accounts in July.

The changes to audit logging retention announced today will roll out to Microsoft Purview Audit customers with Standard licenses in the coming weeks, starting with enterprise tenants this month and government customers in November.

“Starting in October 2023, we began rolling out changes to extend default retention to 180 days from 90 for audit logs generated by Audit customers. Audit license holders will continue with a default of one year, and the option to extend up to 10 years,” said Microsoft Purview CVP Rudra Mitra.

Under pressure from the Cybersecurity and Infrastructure Security Agency, Microsoft has also agreed to broaden access to cloud logging data at no cost, which would help network defenders identify similar breach attempts in the future.

Starting December 2023, Microsoft customers with Purview Audit licenses will also have to access additional logs of email access and 30 other Yammer/Viva Engage, Teams, Exchange, and Sharepoint events previously only available to customers with Premium licenses.

“Microsoft has worked closely with CISA to identify these critical logs and include them in our Microsoft Purview Audit license,” Mitra said.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

Recent News

Featured Services

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

BOOK A MEETING

Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.