A recent security study shows 97 percent of all Microsoft 365 users don’t use the multi-factor authentication (MFA) tools available to them. Among admins, 78 percent are avoiding the MFA security measures.

CoreView Research highlights the problem, showing that Microsoft 365 may be vulnerable because users are ignoring basic security tools. One open question is why users and admins are not tapping into MFA.

Either way, the report points out how dangerous this common lapse is:

“This is a huge security risk – particularly during a time where the majority of employees are remote – that IT departments must acknowledge and address in order to effectively deter cyberattacks and strengthen their organization’s security posture,” says the report, released last week.

Microsoft 365 is a common target of attack for cybercriminals. Because accounts are linked to systems, successfully breaching an account could give bad actors access to a wider system. For enterprises, securing Microsoft 365 is important.

Too Much Access

However, it seems even admins are ignoring one of the fundamental security options. MFA is a basic-level protection that makes it significantly harder for an unauthorized actor to breach an account.

According to the research, organizations are not properly securing Microsoft 365 when they roll it out. Aside from avoiding MFA, the report shows administrators have too much control over the platform and what happens to sensitive information.

57 percent of organizations using M365 allow admins to have too much access to critical data, including the ability to modify it.

“In today’s modern work environment, where supporting remote work is a must, CoreView’s data indicates that the missing ingredient in deploying and using M365 (Microsoft 365) effectively is often data governance, application security and Shadow IT oversight,” the report adds. “Enterprises must ensure they have the processes and tools, including CoreView, to help securely migrate and operate the world’s leading SaaS productivity platform.”