Security News > 2020 > October > Majority of Microsoft 365 Admins Don’t Enable MFA
Up to 78 percent of Microsoft 365 administrators do not have multi-factor authentication security measures enabled.
A recent report by CoreView Research also found that 97 percent of all total Microsoft 365 users do not use MFA, shedding a grim light on the security issues inherent with the implementation of Microsoft's subscription service.
MFA is one of the best ways to prevent this type of unauthorized access to Microsoft 365, researchers said - with research from SANS Software Security Institute indicating that 99 percent of data breaches can be prevented using MFA. However, the research reveals that Microsoft 365 users - and even admin accounts, with the highest level of permissions and oversight of data - are not doing their part to implement MFA for their accounts.
Overall, researchers found overarching issues with how Microsoft 365 is being implemented in companies.
Microsoft 365 faced another phishing attack-this one using a new technique to make use of authentication APIs to validate victims' Office 365 credentials-in real time-as they enter them into the landing page.