HomeWinBuzzer NewsReport: Microsoft 365 Admins Are Ignoring MFA and Have Too Much Access

Report: Microsoft 365 Admins Are Ignoring MFA and Have Too Much Access

A study by CoreView Research shows 87 percent of Microsoft 365 administrators do not enable multi-factor authentication.


A recent security study shows 97 percent of all users don't use the multi-factor authentication (MFA) tools available to them. In terms of admins, 78 percent are avoiding the MFA security measures.

CoreView Research highlights the problem, which shows 365 may be vulnerable because users are ignoring basic security tools. One of the questions is why users and admins are not tapping into MFA.

Either way, the report points out how dangerous this common lapse is:

“This is a huge security risk – particularly during a time where the majority of employees are remote – that IT departments must acknowledge and address in order to effectively deter cyberattacks and strengthen their organization's security posture,” says to the report, released last week.

Microsoft 365 is a common source of attack for cybercriminals. Because accounts are linked to systems, successfully breaching an account could give bad actors access to a wider system. For enterprises, securing Microsoft 365 is important.

Too Much Access

However, it seems even admins are ignoring one of the fundamental security options. MFA is a basic level protection that makes it significantly harder for an unauthorized actor to breach an account.

According to the research, organizations are not properly securing Microsoft 365 when they roll it out. Aside from avoiding MFA, the report shows administrators have too much control over the platform and what happens to sensitive information.

57 percent of organizations using M365 allow admins to have too much access to critical data, including the ability to modify it.

“In today's modern work environment, where supporting remote work is a must, CoreView's data indicates that the missing ingredient in deploying and using M365 (Microsoft 365) effectively is often data governance, application security and Shadow IT oversight,” the report adds. “Enterprises must ensure they have the processes and tools, including CoreView, to help securely migrate and operate the world's leading SaaS productivity platform.”

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News