Public and private sector users of the standard Microsoft Purview Audit can now access new logging capabilities designed for cybersecurity through the Microsoft Expanded Cloud Log Implementation Playbook that the Cybersecurity and Infrastructure Security Agency released Wednesday. The log capabilities were previously accessible to Audit Premium subscribers only, CISA said.
The guidance was released in partnership with the Office of Management and Budget, the Office of the National Cyber Director and Microsoft, the agency added.
Through the 60-page playbook, users can familiarize themselves with each of the Microsoft cloud security logs introduced in the guidance and learn how to operationalize them to support threat detection and incident response.
Microsoft 365 Logs Navigation
The guidance also provides scenario-based approaches to help analyze the common tactics used in identity theft attempts. In addition, users can learn from the playbook’s best practices on navigating Microsoft 365 logs for their effective use in cyber defense.
The logging capabilities in the playbook focus on enabling users to perform forensic and compliance reviews by checking critical areas, including sent and accessed mail and search activities in SharePoint Online and Exchange Online.
Cybersecurity Tools and Resources
CISA Director Jen Easterly, a Wash100 awardee, described the playbook as a “valuable resource” and acknowledged the support of Microsoft and government partners in its release. “We are pleased to see this progress and continue work to ensure greater adoption of Secure by Design principles,” she added.
Candice Ling, Microsoft Federal senior vice president and also a Wash100 winner, noted that the guidebook provides not only tools but also resources for cybersecurity.
“Microsoft remains committed to partnering with the federal government to prioritize security above all else,” she said.