wonderfully unique software solutions

CoreView highlights enterprise vulnerabilities through M365 config

Nine of ten enterprises in a CoreView survey had misconfigured their Microsoft 365 (M365) security, according to the US-based vendor.

Shawn Lankton, chief executive of CoreView, said this reflected that IT professionals require automated compliance as well as delegated responsibilities to ensure security and efficiency across the business.

“The role of the IT professional is more important and complex than ever. They need to stay in perfect compliance 100% of the time, all while saving money and improving the end-user experience,” Lankton said.

Despite widespread use of layered protection including multi-factor authentication and strong passwords, IT teams still struggle to achieve full, continued compliance with security policies.

The CoreView study evaluated 1.6 million M365 users, based in workplaces in different countries.

But according to CoreView, managing M365 is complicated if organisations want to remain compliant and have full control of their M365 instances.

While most companies have strong documented security policies, CoreView found a lack of consistent implementation, which it said were largely due to difficulties in reporting as well as limited IT resources.

“Ninety percent of companies had gaps across all four key areas studied – MFA, email security, password policies, and failed logins,” the vendor said.

“Eighty-seven percent of companies (that we surveyed) have MFA disabled for some or all their admins, which are the most critical accounts to protect, due to their higher access levels.”

In CoreView’s sample pool, just 17% of companies had strong password requirements that were being consistently followed.

Additionally, the average company had 22% of their licenses unassigned, and another 10% of licenses inactive.

“In 17% of companies, the numbers were huge with over 10,000 licenses unassigned or inactive,” the vendor said — suggesting “opportunities to optimise license spend” for sales channels.

( Photo courtesy and copyright © Microsoft 2022-23 )

Recent Articles

JetBrains Academy adds 43 topics and four projects for learning code

The programmer education division of developer tools provider JetBrains has followed up seven New Year project releases with 43 new study topics...

Employees often unware of compliance and email security needs, says GFI Software

People at work often know little about their organisation's requirements around email cybersecurity, data management and regulatory compliance, GFI Software has warned...

BrowserStack adds Cypress support for Safari WebKit on OS X and Windows

Cross-browser software vendor BrowserStack has unveiled Cypress support for the Safari browser engine WebKit, expected to assist devs with test automation.

Keeper bulks up zero-trust with new Connection Manager

Zero-trust passwords and secrets management company Keeper Security has updated Keeper Connection Manager (KCM) with new features including SQL Server and PostgreSQL...

Malwarebytes launches mobile security for business endpoints

Cybersecurity software provider Malwarebytes has extended its award-winning endpoint protection to organisations' mobile devices. Mark Strassman, chief product officer...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox