Microsoft engineers shared that 99.9% of compromised accounts forgot to turn on MFA. Despite so many warnings and proof of the efficacy of MFA, an M365 security report by Coreview reveals that 78% of M365 administrators do not have MFA activated. Isn't that crazy? It's not always perfect (phishing, social engineering and password brute-force attacks, device theft etc.); nevertheless, it is clearly better than not having it. However, if not implemented with care, it can create headaches for MSPs.