Microsoft just announced that the advanced features in Microsoft's auditing suite — which are usually reserved for Premium customers — will soon be available to all customers for free.
This comes following a recent high-profile hack that spurred widespread criticism of the tech giant for charging users to safeguard themselves against Microsoft’s own flaws.
The tech firm announced these new free tools in a blog post on Wednesday, a week after the incident that enabled suspected state-backed Chinese hackers to gain access to the email accounts of US government employees via Microsoft's cloud email service.
Free Security Tools Alone Won’t Stop Hackers
In the blog post, Microsoft admits that these cloud security logs and cybersecurity centralization tools themselves won’t stop hackers from infiltrating networks, but it will help organizations in identifying what is normal versus abnormal behavior.
They said that log data and the Purview platform “can be useful in digital forensics and incident response when examining how an intrusion might have occurred, such as when an attacker is impersonating an authorized user.” Therefore, organizations might learn from these insights and better understand how to protect themselves from future threats.
Microsoft Purview Audit enables customers to centrally visualize cloud log data generated across their enterprise, thus helping them effectively respond to security events, forensic investigations, internal investigations, and compliance obligations.
Cloud Security Logs a Step in the Right Direction, Says CISA
There has been growing pressure from cybersecurity specialists and lawmakers for tech companies to stop charging for security tools, to enable more organizations to protect themselves.
All customers will gain access to Microsoft Purview over the coming months in a move to “increase the secure-by-default baseline” of its cloud platforms.
The tech firm has been working closely with the U.S. government department, Cybersecurity and Infrastructure Security Agency (CISA).
“After working collaboratively for over a year, I am extremely pleased with Microsoft’s decision to make necessary log types available to the broader cybersecurity community at no additional cost. While we recognize this will take time to implement, this is truly a step in the right direction toward the adoption of Secure by Design principles by more companies.” – Jen Easterly, Director of CISA
Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA released a separate blog on the matter yesterday where he applauded Microsoft for removing the cost of these tools. In the blog post, Goldstein makes reference to the recent Microsoft Exchange Online breach by Chinese hackers and explains how logging data helped to mitigate potential further damage in that situation.