Summary: CISA has released guidance for government agencies and enterprises on using the expanded cloud logs in Microsoft 365 for forensic and compliance investigations. The new Microsoft Purview Audit (Standard) logging capabilities strengthen threat hunting, particularly in response to a significant Exchange Online breach attributed to the threat actor Storm-0558. The guidance aims to improve monitoring of user and admin operations across Microsoft services, following the breach that compromised sensitive emails belonging to U.S. government officials.
Threat Actor: Storm-0558
Victim: U.S. Government
Key points:
- CISA's guidance focuses on using the expanded logging capabilities in Microsoft 365 to enhance cybersecurity operations.
- The new logs provide critical telemetry for detecting business email compromise and advanced nation-state threats.
- The guidance follows a breach where Storm-0558 stole over 60,000 emails from U.S. government officials, highlighting the need for improved logging access.