Microsoft to Offer Some Cybersecurity Tools Free After Suspected China Hack

The decision to open up access to its back-end systems that log activity on the cloud came after Microsoft’s tiered payment system attracted criticism in the wake of an alleged Chinese cyber-espionage campaign, which the company said infiltrated its cloud-based email system and compromised inboxes at about two dozen organizations globally. The federal government, including officials at the State Department and Commerce Secretary Gina Raimondo, was among the victims of the attack, U.S. officials said.

Beginning in September, the technology company will make 31 critically important security logs available free to licensees of the company’s lower-cost cloud services, including the type of email log that was used to identify the China-linked attack, said Vasu Jakkal, a vice president of security at Microsoft. The company will also increase the duration of retention for security logs from 90 to 180 days, Jakkal said.

While logs don’t prevent cyberattacks, companies use them to detect and investigate hacks because the logs keep track of activity on Microsoft’s servers. In the recent China-linked breach, key logging information required to detect the attack was only available to purchasers of Microsoft’s top-tier Microsoft 365 cloud service, known as E5, officials said last week. That left some customers with cheaper plans no way of figuring out whether they had been hacked.

“This is a significant step forward to ensuring that every Microsoft customer has the right visibility to detect other threats that we know are targeting American organizations every day,” said Eric Goldstein, executive assistant director for cybersecurity at the U.S. Cybersecurity and Infrastructure Security Agency.

Jakkal and Goldstein said the effort to identify valuable security logs and provide them free to Microsoft customers had been continuing for…