The China-backed intruders, referred to as Storm-0558, broke into Microsoft’s network and stole a digital skeleton key that allowed the hackers unfettered access to U.S. government emails stored in Microsoft’s cloud. According to a government-issued postmortem of the cyberattack, the State Department identified the intrusions because it paid for a higher-tier Microsoft license that granted access to security logs for its cloud products, which many other hacked U.S. government agencies did not have.
Following the China-backed hacks, Microsoft said it would start providing logs to its lower-paid cloud accounts from September 2023.
Oh great! Until this incident, security is considered a "premium feature". I really want off this "up sell to premium" ride.