Nine of ten enterprises in a CoreView survey had misconfigured their Microsoft 365 (M365) security, according to the US-based vendor.
Shawn Lankton, chief executive of CoreView, said this reflected that IT professionals require automated compliance as well as delegated responsibilities to ensure security and efficiency across the business.
“The role of the IT professional is more important and complex than ever. They need to stay in perfect compliance 100% of the time, all while saving money and improving the end-user experience,” Lankton said.
Despite widespread use of layered protection including multi-factor authentication and strong passwords, IT teams still struggle to achieve full, continued compliance with security policies.
The CoreView study evaluated 1.6 million M365 users, based in workplaces in different countries.
But according to CoreView, managing M365 is complicated if organisations want to remain compliant and have full control of their M365 instances.
While most companies have strong documented security policies, CoreView found a lack of consistent implementation, which it said was largely due to difficulties in reporting as well as limited IT resources.
“Ninety percent of companies had gaps across all four key areas studied – MFA, email security, password policies, and failed logins,” the vendor said.
“Eighty-seven percent of companies (that we surveyed) have MFA disabled for some or all their admins, which are the most critical accounts to protect, due to their higher access levels.”
In CoreView’s sample pool, just 17% of companies had strong password requirements that were being consistently followed.
Additionally, the average company had 22% of their licenses unassigned, and another 10% of licenses inactive.
“In 17% of companies, the numbers were huge with over 10,000 licenses unassigned or inactive,” the vendor said — suggesting “opportunities to optimise license spend” for sales channels.