See all events
Use of Microsoft 365 has exploded. As an organisation, they’re making impressive strides in security features and capabilities. Their email security, for example, has been independently shown to have significant improvements in malware protection. Unfortunately that has been show to come at the cost of increased false positives with legitimate Office files routinely marked as malicious.
Over 90% of all attacks start via email, so email security is critical. Delivering effective email security at the scale of Microsoft is a massive challenge, as any latency associated with message analysis quickly adds up. As a result analysis is inevitably reduced. Microsoft also becomes a victim of their own success, with attackers crafting code specifically to evade Microsoft defences. This lethal combination results in lower than optimal rates of detection of phishing and spear phishing as well as impersonation attacks. According to the Verizon Data Breach Report 2022 Microsoft missed 42% of Financial phishing messages.
So whilst Microsoft 365 security is good enough, this leads to the question – is good enough really good enough?
65% of state and criminal actors use cross-channel attack techniques. Attacks that start in email are no longer confined there, but instead are immediately moving to other channels. It is becoming increasingly important that email, web and cloud app security are tightly integrated. If they’re not, then end-to-end attack visibility is impossible – and without visibility, protection is impossible. Unfortunately Microsoft’s web security capabilities are still immature, and Microsoft Defender for Cloud Apps is a nightmare for even the most experienced project teams. Time to value is not a headline benefit of Defender.
That brings us on to cognitive friction. Whilst M365 might be a suite of products the number of admin views and dashboards can still be confusing. And they change on what feels like almost a daily basis. Administrators of M365 tenants have a full time role just keeping up to speed with where to go to configure specific features, rules and policies. This pushes up Total Cost of Ownership significantly. Again is good enough really good enough?
There are significant hidden costs associated with a Microsoft-only approach. When you analyse the costs of the M365 plans, the security gaps that still exist – and add in the hidden costs as well – then it is highly likely that good enough really isn’t good enough.
*By registering for any e92plus event, you agree to our business terms and conditions, including for the information provided above to be shared with any event sponsors.
Register today
Register today for Is Microsoft’s good enough, good enough. Please fill in the form with all details and submit. You will then recieve a confirmation of your registration.