Today organisations running Microsoft 365 are grappling with serious security challenges linked to misconfiguration and basic security control gaps, putting sensitive data and operations at risk. New research from CoreView reveals almost half of large enterprises have had a security or compliance incident in the past year directly caused by Microsoft 365 settings gone wrong. This report exposes how complexity, poor visibility, weak authentication and a heavy operational load are creating fertile ground for cyber threats and compliance failures.
Nearly Half of Enterprises Report Microsoft 365 Security Incidents
Microsoft 365 is one of the most widely used cloud productivity platforms in the world, yet it is now a significant security challenge for large organisations. According to the latest research from CoreView, 45 percent of large enterprises worldwide experienced a security or compliance incident in the last 12 months caused by a misconfiguration of Microsoft 365.
The global survey covered 500 IT leaders at organisations with more than 1,000 Microsoft 365 users across the United Kingdom, United States, Germany and Australia, and analysed tenant configuration data involving 1.6 million users. The report paints a worrying picture of environments where misconfiguration and a lack of operational control have opened doors for security lapses and compliance issues.
At the regional level, organisations in the UK and the United States reported the greatest struggle with misconfiguration incidents, while those in Germany and Australia recorded lower but still meaningful exposure. Many IT professionals describe the platform as increasingly difficult to manage and secure.
Complexity and Poor Visibility Threaten Security Posture
One of the most striking findings is how complexity within Microsoft 365 itself is overwhelming large organisations. More than one third of IT leaders surveyed said the platform has become significantly more complex and resource intensive over the last two years.
Microsoft 365 has evolved far beyond simple email and office applications. It now spans identity, collaboration, communication and security tools. But with that expansion have come sprawling controls, disparate administrative portals, and a growing maze of policies, making full oversight exceedingly difficult.
One of the biggest operational burdens is authentication traffic. On average, organisations are seeing 140,443 failed login attempts per week, generating a constant stream of security alerts that IT teams must review and triage. Without full visibility, this flood of data becomes noise, obscuring genuine threats.
Nearly half of organisations admitted they lack full visibility and control over their Microsoft 365 environment, with the issue more pronounced in the UK (52 percent) and US (47 percent). In contrast, organisations in Germany and Australia reported somewhat better visibility but still significant gaps.
Basic Security Controls Still Aren’t Enforced at Scale
Perhaps most concerning is the lack of enforcement of basic security hygiene across these environments. The CoreView analysis shows that 90 percent of organisations struggle to implement foundational security controls such as password policies and failed login monitoring.
Equally troubling is the inconsistent deployment of multi-factor authentication (MFA), a critical defence against account takeover. Nearly nine out of ten organisations (87 percent) had some administrators without MFA enabled, and overall MFA was not active for 28 percent of admin accounts and 7 percent of general users. This is particularly alarming because administrators control identity and policy settings that govern the entire organisation.
Compounding this, other security research highlights how attackers are evolving. Sophisticated phishing campaigns are abusing authentication flows and redirect features to bypass MFA protections and deliver malware or credential theft payloads, even inside secure environments.
AI Automation Adds Opportunity and Risk
As organisations struggle with mounting operational burdens, many are considering automation driven by artificial intelligence to simplify Microsoft 365 administration. However, CoreView reports that more than half of organisations have reversed AI-driven changes due to governance or security concerns, suggesting automation without strong guardrails can make matters worse.
While 70 percent of IT leaders believe AI could be valuable in reducing manual workload, concerns about lack of oversight, unforeseen changes and traceability of automated actions limit confidence in large-scale deployments. Almost half of respondents worry that AI might act without enough human supervision.
Senior leadership itself is sometimes reluctant to embrace AI solutions in secure environments. One quarter of IT leaders reported resistance from C-Suite executives who worry that AI could introduce new vulnerabilities or make existing ones worse without proper governance.
Failed Audits and Regulatory Challenges
Misconfigurations and weak governance aren’t just theoretical risks. They have real operational consequences, especially when it comes to audits and regulatory compliance. The research found that 43 percent of organisations reported failed or delayed audits because Microsoft 365 reporting was slow, incomplete or overly reliant on manual processes.
In today’s regulatory environment, this can mean serious legal and reputational costs. Auditors increasingly scrutinise identity, access, configuration and compliance controls across cloud platforms. When organisations cannot produce fast, clear evidence of control, their risk exposure increases.
What Leaders Must Do Next
The findings make it clear that executives and IT leaders must adopt a stronger security-first approach to Microsoft 365 management. Here are key steps organisations should prioritise:
Reinforce foundational security controls: Ensure password policies, failed login monitoring and MFA are consistently applied across all users and especially administrators.
Invest in visibility tools: Use advanced monitoring and configuration tools that provide real-time insight into user behaviours and settings.
Govern AI adoption carefully: Introduce AI-driven automation only after implementing strong governance and oversight frameworks.
Streamline audit reporting: Adopt automated reporting tools to ensure compliance data is accurate and ready for regulatory demands.
Without these actions, organisations risk not only data compromise but also operational shutdown when misconfigurations are exploited by adversaries. Advanced threats exploit weaknesses faster than teams can detect them, especially when basic security configuration is left undone.
Microsoft 365 has become essential for global business operations, but this research underscores that security cannot be an afterthought; it must be foundational, visible and continuously enforced. Healthcare systems, financial institutions and public agencies rely on these environments to protect sensitive data and critical functions. The stakes are too high for misconfiguration to remain a persistent vulnerability.
Large organisations must now act urgently to fix misconfigurations, eliminate security blind spots and build secure Microsoft 365 environments that can withstand modern cyber threats and regulatory scrutiny. Only then can they truly leverage the full value of Microsoft 365 without risking their digital security.








