At Microsoft, we offer a rich set of robust security and compliance capabilities in Office 365 and Microsoft 365. One of these is the ability to better understand account activity – like documents accessed, and mailboxes accessed – through audit logs to assess if, how, when, and to what extent a security incident has occurred. To be clear, audit logs don’t prevent attacks, but can be useful in retroactively examining how they occurred when an attacker is impersonating a user.
Different customers have different preferences and needs for where they save their audit logs and how long they wish to keep them. For this reason, we’ve typically provided customers maximum choice and flexibility. By default, we retain audit logs in the cloud for most Office 365/Microsoft 365 customers for 90 days. This gives customers the ability to decide if they’d like to:
- Download the audit logs and store them locally or in a cloud instance of their choice,
- Keep them with a third-party security vendor, or
- Keep them with Microsoft through an advanced service we call Advanced Audit, which provides deeper forensic investigation tools and audit log storage in the cloud for one year or longer.
We appreciate that some U.S. federal government customers have recently raised questions about the costs associated with Advanced Audit and their ability to store audit logs with Microsoft for a longer time period. While we work to address their questions and work collaboratively toward a long-term solution, we are now offering all U.S. federal government customers who use our Government Cloud a one-year free trial of Advanced Audit. Those who are interested should reach out to their Microsoft representative to learn more.
We always invite feedback from customers including our public sector customers and work hard to address it. While we might not be able to immediately meet every need or request, we believe it’s important to listen and to continuously invest in making helpful improvements. We have recently, for example, offered new privacy tools in response to feedback from the Dutch Ministry of Justice and Security, and before the 2020 election, we extended free security updates to voting machines running Windows 7.
Throughout our 45-year history, we have supported the U.S. federal government to help them use the power of technology to advance the mission of its agencies. We hope today’s update is another example of our commitment.