First, there is a US Cyber Safety Review Board (CSRB), established 2022:
It's part of the Cybersecurity & Infrastructure Security Agency (CISA), which you may recognize, at the Department of Homeland Security. The board "serves a deliberative function to review and assess significant cyber incidents and make concrete recommendations that would drive improvements within the private and public sectors." Membership is government and private industry, including a Google VP, former Crowdstrike CTO, NSA leaders, etc.
1. Stop charging for audit logs for Exchange Online's MailItemsAccessed activity[1].
On this point, Microsoft announced in July 2023[2] and added it to their roadmap in October 2023[3] that they'll make this feature part of the "standard" feature level some time after June 2024.
The rest of the items give the impression of just being a bit angry, but nothing materially planned to be done about it. What other option realistically exists once 99% of businesses and government agencies are locked into using M365?
First, there is a US Cyber Safety Review Board (CSRB), established 2022:
It's part of the Cybersecurity & Infrastructure Security Agency (CISA), which you may recognize, at the Department of Homeland Security. The board "serves a deliberative function to review and assess significant cyber incidents and make concrete recommendations that would drive improvements within the private and public sectors." Membership is government and private industry, including a Google VP, former Crowdstrike CTO, NSA leaders, etc.
https://www.cisa.gov/cyber-safety-review-board-csrb-members
Second, how much I am stuck with Microsoft's explanation. Did anyone know much of what is in the OP or in this summary:
https://www.dhs.gov/news/2024/04/02/cyber-safety-review-boar...