All FSI Publications Journal Articles Lawfare Blog

What to Make of Microsoft’s Year in Cybersecurity

For Lawfare, Andrew Grotto looks at a new cybersecurity offering for federal government customers called the Modern Log Management Program. 

March 7, 2022
microsoft building
A Microsoft building at night. (Dale Lane, https://flic.kr/p/4rNvyH; CC BY-NC-SA 2.0, https://creativecommons.org/licenses/by-nc-sa/2.0/)

On Feb. 1, Microsoft announced a new cybersecurity offering for federal government customers called the Modern Log Management Program. The program includes a suite of Microsoft’s visibility and remediation tools, which pull diagnostic data from various Microsoft products so that customers gain more insight into what’s happening on their networks. The goal of the program, according to Microsoft, is to help executive branch agencies meet new cybersecurity event logging requirements issued by the Office of Management and Budget (OMB) in August 2021 in a memorandum known as M-21-31. Microsoft has pledged to offer the program at a discounted price to help agencies “mitigate budget challenges from an increase in log source and log storage requirements required by M-21-31.”

This offer sounds almost charitable on Microsoft’s part, but a closer look at the circumstances that gave rise to M-21-31—and Microsoft’s unique place in federal information technology (IT)—highlights how Microsoft simultaneously combats, profits from and contributes to cybersecurity problems...

READ ONLINE AT LAWFARE