Misconfigured Microsoft 365 leaves big firms exposed
Large organisations are struggling to secure Microsoft 365. Nearly half reported a security or compliance incident linked to misconfiguration in the past year, according to new research from CoreView.
The study found that 45% of large organisations experienced an incident caused by a Microsoft 365 misconfiguration in the past 12 months. It also reported that 82% of IT leaders see Microsoft 365 as a severe operational burden.
Microsoft 365 has expanded into a broad suite spanning identity, collaboration, communications and security. CoreView's findings suggest many organisations have not kept pace with the operational controls needed to manage that sprawl across large user bases.
The research draws on a survey of 500 IT leaders at organisations with more than 1,000 Microsoft 365 users across the UK, the US, Germany and Australia, along with analysis of Microsoft 365 tenant data covering 1.6 million users.
Complexity pressures
One in five organisations said Microsoft 365 is almost impossible to manage and secure at enterprise scale. The view was strongest in the UK (27%), followed by the US (24%), Germany (10%) and Australia (8%).
More than one-third of respondents said Microsoft 365 has become significantly more complex and resource-intensive over the past two years. This mirrors a broader trend of organisations adding more Microsoft services, security tools, administrative portals and policy layers over time.
The operational load is also reflected in authentication telemetry. Failed Microsoft 365 login attempts averaged 140,443 per week per organisation, creating a steady stream of security signals for IT and security teams to review.
Visibility remains a central issue. Globally, 45% said they lack full visibility and control over their Microsoft 365 environment. The share rose to 52% in the UK and 47% in the US, and fell to 32% in Australia and 24% in Germany.
Baseline controls
Analysis of tenant data points to gaps in basic security hygiene at scale. CoreView found 90% of organisations struggle to enforce basic controls, including password policies and failed-login monitoring.
Multi-factor authentication is also inconsistent among privileged users. Nearly nine in 10 organisations (87%) had at least some administrators operating without multi-factor authentication. Overall, MFA was not enabled for 28% of administrators and 7% of users.
These gaps matter because administrator accounts carry elevated permissions across identity and policy settings. Misconfiguration in those areas can quickly cascade across users, devices, applications and data-access settings.
Governance also appears to lag day-to-day operational change. CoreView found 43% of organisations globally reported failed or delayed audits due to slow, incomplete or manual Microsoft 365 reporting. Rates were 46% in Germany, 44% in Australia, 43% in the US and 42% in the UK.
AI pushback
The research also highlighted tensions regarding the use of AI in Microsoft 365 administration. Many organisations are considering automation to reduce manual workload, but the study suggests it can introduce new governance risks.
More than half (51%) said they had reversed AI-driven changes in Microsoft 365 due to security or governance concerns. The UK recorded the highest level (64%), followed by Australia (52%), Germany (46%) and the US (40%).
At the same time, 70% of IT leaders said AI-driven administration would be valuable, highlighting a gap between appetite for automation and confidence in controls, oversight, and change management.
Concerns extend to senior leadership. One-quarter of IT leaders said they face C-suite resistance to AI adoption due to security concerns. The figure rose to 34% in Germany and 32% in the US, compared with 28% in Australia and 13% in the UK.
Looking ahead, 45% plan to replace legacy tools with AI-augmented solutions in the next 24 months. Risk concerns persist: 46% worry about AI acting without oversight, and 45% said success depends on AI actions being traceable and explainable.
CoreView said the findings show organisations need stronger governance foundations before expanding automation across Microsoft 365 administration.
"AI is being deployed into environments that aren't ready for it," said Andrea Sivieri, Chief Product & Technology Officer at CoreView. "Microsoft 365 has become operationally overwhelming, and organisations are turning to automation to cope. But when governance and security controls aren't already in place, AI doesn't fix the problem, it accelerates it. Without structure and guardrails, automation moves risk into production faster than teams can pull it back."
The report identified seven risk areas: operational burden, authentication pressure, visibility and control, baseline security enforcement, audit readiness, leadership resistance to AI, and concerns about automated actions without oversight.
Large Microsoft 365 deployments are expected to increase their use of automation, even as regulators and auditors push for clearer evidence of control over identity, access and configuration across business-critical cloud platforms.