Smart IT shops load up on anti-virus/anti-malware, firewalls, as well as intrusion detection and prevention systems. But that still leaves Office 365 vulnerable to identity and privilege abuse and attacks.

In fact, a survey of 27 million users across 600 enterprises found that 71.4% of Office 365 business users suffer at least one compromised account each month.

Osterman Research surveyed Office 365 IT managers, and 71% of those asked struggled to “audit, manage and control privileged access into Office 365 applications.”

Here are three ways hackers exploit O365 identity and privileges, and how to stop them.