MicrosoftMicrosoftColbyBoone The negative consequences of this change are substantial. Forensic investigators will lose a lot of insight into malicious activity that happened during a compromise. This will impact the ability to appropriately alert people who have been victimized as a result of a Business Email Compromise so that they can take appropriate steps to protect themselves. This reduced visibility into logging will ultimately perpetuate a threat actor's ability to continue to cause harm. Microsoft is aiding and abetting cybercrime by making this change.
Why does the UAL have to be manually enabled by the end user? Auto-enablement shouldn't be a difficult thing to do. Manual enablement of basic forensic and security features is disingenuous product design choice.
