IT Teams Fall Short in Microsoft 365 Security Protections

IT Teams Fall Short in Microsoft 365 Security Protections

By Greg Tavarez

Remote and hybrid work environments prompted many enterprises to leverage solutions like Microsoft 365, perhaps sooner than they otherwise may have made the transition to the cloud. Across the board, digital transformation was accelerated as businesses moved to quickly adapt to new, though now familiar, work environments. The complexity of M365, with its 25 different apps and more than a dozen admin panels, paired with the skyrocketing usage made it difficult for IT teams to keep up with security monitoring and compliance.

CoreView, looking to understand what companies are doing well with M365, found that not all is as good as companies might want to think. An overwhelming majority ( 90%) of organizations have gaps in essential security protections falling into four areas: MFA, email security, password policies and failed logins.

The cause of the gaps? Common security procedures are not always followed. Even though most enterprises have strong documented security policies, CoreView’s research uncovered that most aren’t being implemented consistently due to difficulties in reporting and limited IT resources.

For example, 87% of companies have MFA disabled for some or all their admins. These are critical accounts that need protection. The research also found that most companies, a little more than 80% in fact, don’t have strong password requirements. Strong passwords, of course, are cornerstone of good security practices

The danger, of course, is these shortcomings leave the door open for cybersecurity threats.

“The role of the IT professional is more important and complex than ever. They need to stay in perfect compliance 100% of the time,” said Shawn Lankton, CEO of CoreView.

Additionally, companies face other challenges that make security and license management difficult, ultimately leading to unnecessary risks and costs. Around 22% of companies have unassigned M365 licenses – 17% have more than 10,000 licenses unassigned or inactive. These cases represent big opportunities to optimize license spend with better tools.

Inactive licenses pose a potential security risk that many IT teams may not think about. Users who left the organization might have access or may have poor password security and be easily hacked. They may also be a reflection of overpurchased licenses, where users don’t need the capabilities that were purchased.

This adds to the overall complexity for IT teams that struggle to keep up with best practices without a cohesive strategy for enforcing internal and external policies and continually ensuring compliance with these policies.

“To overcome this challenge, IT professionals require solutions that help automate compliance and delegate responsibilities to ensure security and efficiency across the business,” said Lankton.

Automating and delegating critical security, license optimization and other management tasks enable IT professionals to focus on important tasks instead of repetitive manual work.




Edited by Erik Linask
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

SHARE THIS ARTICLE
Related Articles

Shining a Light on the Dark Web: Searchlight Cyber Debuts Comprehensive Hub

By: Greg Tavarez    3/28/2024

The Dark Web Hub is a one-stop shop for crucial context and continuously updated information on dark web marketplaces, ransomware actors, hacking foru…

Read More

Stellar Cyber and Trellix Bridge the Gap in Security Operations

By: Greg Tavarez    3/28/2024

Stellar Cyber announced the integration with Trellix Endpoint Security HX to allow customers to deploy more robust security solutions and improve thei…

Read More

CyberSaint Raises $21M in Series A Funding to Continue Securing its CyberStrong Customers

By: Alex Passett    3/27/2024

CyberSaint announced that it succeeded in a huge $21 million Series A funding round. This was led by Riverside Acceleration Capital (RAC) with other i…

Read More

US Education Receives Security Upgrade with Free Browser Protection Offered by Conceal, Carahsoft

By: Greg Tavarez    3/27/2024

Conceal and Carahsoft recently unveiled an initiative to fortify the cybersecurity infrastructure of U.S. educational institutions.

Read More

Cato's AI Takes Control of Security and Incident Response

By: Greg Tavarez    3/27/2024

With Cato's recently announced Network Stories for Cato XDR, advanced AI algorithms instantly identify outages in customer networks and conduct root c…

Read More