9 out of 10 Enterprises Have Vulnerabilities in their Microsoft 365 Security Configurations

9 out of 10 Enterprises Have Vulnerabilities in their Microsoft 365 Security Configurations

November 16, 2022 Off By David

A recently published study evaluated 1.6 million Microsoft 365 users across three continents. CoreView found that 90% of organizations had gaps in essential security protections. Managing Microsoft 365 (M365) is complicated. How can IT teams avoid management headaches, stay 100% compliant, and truly take control of their M365 instance?

To find out, CoreView experts reviewed the most common problems to understand what companies are doing well and reveal gaps in IT management strategies.

Research from the study reveals that many common security procedures are not being followed 100% of the time. This leaves gaping holes in most organizations’ security defenses. While most companies have strong documented security policies, the research uncovered that most aren’t being implemented consistently due to difficulties in reporting and limited IT resources:

  • 90% of companies had gaps across all four key areas studied – Multi-Factor Authentication (MFA), Email Security, Password Policies, and Failed Logins
  • 87% of companies have MFA disabled for some or all their admins (which are the most critical accounts to protect, due to their higher access levels)
  • Only 17% of companies had strong password requirements that were being consistently followed.

Overall, nearly every organization is leaving the door open for cybersecurity threats due to weak credentials, particularly for administrator accounts.

In addition to security challenges, the study identified key areas for improvement in managing Microsoft 365 licenses as well, such as:

  • The average company had 21.6% of their licenses unassigned or “sitting on the shelf.” Another 10.2% of licenses were inactive, for an average of 31.9% unused licenses
  • In 17% of companies, the numbers were huge with over 10,000 licenses unassigned or inactive! These cases represent big opportunities to optimize license spend with better tools.

Overall, the study reveals that reporting challenges make security and license management incredibly difficult, leading to unnecessary risks and costs.

“The role of the IT professional is more important and complex than ever. They need to stay in perfect compliance 100% of the time, all while saving money and improving the end-user experience,” said Shawn Lankton, CEO of CoreView. “To overcome this challenge, IT professionals require solutions that help automate compliance and delegate responsibilities to ensure security and efficiency across the business.”

View the full report here.