Laptop with Office 365Source: Windows Central

What you need to know

  • Microsoft 365 services offer many, many tools to organizations.
  • A new survey by Ensono has found that a large number of IT decision-makers and their respective organizations don't utilize MS365 to the fullest, leaving valuable tools and security resources on the table.
  • As an example of the above situation, Ensono discovered that 38% of organizations surveyed were not using multi-factor authentication (MFA).

Even if they're paying for the goods, not all organizations are using them. In fact, a surprisingly large amount of organizations subscribed to Microsoft 365 services are neglecting some key features that could help with productivity and security.

According to a new survey by Ensono, which gathered the responses of 251 UK IT decision-makers from a range of businesses, many organizations are missing out on data loss prevention (DLP), Conditional Access Controls (CAC), and multi-factor authentication (MFA). Respondents included IT decision-makers for firms with 10,000+ employees as well as small businesses with 1-10 employees (in addition to sizes between these extremes). While 83% of the surveyed population found Microsoft 365 invaluable, Ensono also reported that:

  • 38% are not using multi-factor authentication (MFA)
  • Only 43% have Conditional Access Controls in place (CAC)
  • 46% do not have data loss prevention (DLP) or data classification configured

"Of those surveyed that reported a Microsoft 365-related breach, 42% were linked to files being shared with external parties and 37% were due to the impersonation of a compromised account," the report reads, highlighting a few potential consequences of not using the built-in security offerings of MS365.

Simon Ratcliffe, Principal Consultant at Ensono, noted that some firms are creating unnecessary expenditures for themselves by going with third-party solutions for functionalities already packaged with their Microsoft 365 subs.

A takeaway of the survey is this: In a world filled with impersonators and threat actors, knowing what security you have at your disposal is paramount.