What is Microsoft's strategy for monitoring security? All log transfers occur over a TLS encrypted connection (FIPS 140-2). The anonymized and hashed logs are rewritten and then uploaded into Cosmos. Prior to uploading log data, an automated log management application uses a scrubbing service to remove any fields that contain customer data, such as tenant information and user personal data, and replace those fields with a hash value. How do Microsoft online services protect user personal data that may be captured in audit logs? The exact period of audit log data retention is determined by the service teams; most audit log data is retained for 90 days in Cosmos and 180 days in Kusto. Audit logs are retained long enough to support incident investigations and meet regulatory requirements. Administrative access requires Just-In-Time (JIT) access approval, and all changes to logging mechanisms for Cosmos are recorded and audited. Security team personnel don’t have standing administrative access to Cosmos or Kusto. In addition, Microsoft restricts the management of audit logs to a limited subset of security team members responsible for audit functionality. Access to Microsoft online service data stored in Cosmos or Kusto is restricted to authorized personnel. The tools used in Microsoft online services to collect and process audit records don’t allow permanent or irreversible changes to the original audit record content or time ordering. How do Microsoft online services protect audit logs? These reports are used to monitor and improve the overall performance of the service. In addition to automated security monitoring, service teams use analysis tools and dashboards for data correlation, interactive queries, and data analytics. Security-related detections generate alerts, notifying on-call engineers of a potential incident and triggering automated remediation actions when applicable.
Machine learning models use incoming log data and historical log data stored in Cosmos or Kusto to continuously improve detection capabilities. Logs are processed in NRT using rule-based, statistical, and machine learning methods to detect system performance indicators and potential security events. This data transfer occurs over a FIPS 140-2-validated TLS connection on approved ports and protocols using automated log management tools. Many different types of log data are uploaded from Microsoft servers to a proprietary security monitoring solution for near real-time (NRT) analysis and an internal big data computing service (Cosmos) or Azure Data Explorer (Kusto) for long-term storage. How do Microsoft online services centralize and report on audit logs? Microsoft online services internal audit logging captures log data from various sources, such as: Potential incidents are escalated to the appropriate Microsoft security response team for further investigation. Automated log analysis supports near real-time detection of suspicious behavior. Audit logs capture details about system configuration changes and access events, with details to identify who was responsible for the activity, when and where the activity took place, and what the outcome of the activity was. Microsoft online services employ audit logging to detect unauthorized activities and provide accountability for Microsoft personnel.

We anticipate that the feedback will lead to some further adjustments of the terms, which we’ll implement over the coming months. How do Microsoft online services employ audit logging? We’ve already started the process of gathering feedback from our customers, including the Dutch Ministry of Justice and Security, on the revised contractual language of the Online Services Terms. As of today, the updated terms are available to all our commercial customers (public sector and private sector, large enterprises, and small and medium businesses) globally.
Today, we published the updated Microsoft Online Services Terms with the changes we announced in November 2019. As Julie Brill, Microsoft’s Corporate Vice President for Privacy and Regulatory Affairs, described in her post, Introducing more privacy transparency for our commercial cloud customers, these changes provide our customers with more transparency on data processing in the Microsoft cloud, and increase Microsoft’s data protection responsibilities for a subset of data processing that we engage in when we provide commercial cloud services.