Support team rolls out MFA, then gets an unexpected rollback request
A systems support team working on a Microsoft 365 security project says a planned rollout of multi-factor authentication was derailed after a senior executive complained the change had broken part of...
A systems support team working on a Microsoft 365 security project says a planned rollout of multi-factor authentication was derailed after a senior executive complained the change had broken part of the company’s invoicing process.
According to a reader who described the incident, the team had worked with the customer to raise its Microsoft Secure Score and put MFA in place across the organization as part of a security baseline. The deployment was reportedly uneventful at first, with the changes applied as planned.
The next day, however, a senior director at the company phoned the service desk in anger and said the new authentication controls were overwhelming the business. The executive reportedly argued that requiring MFA had brought the organization to a standstill and threatened the invoicing system.
Support staff later determined that the disruption was much narrower than first claimed. Only a small number of phones were affected, and the underlying issue appeared to be in the invoicing application itself. The software was said to offer MFA compatibility, but to depend on faulty code to make it work.
Even after that explanation, the director allegedly insisted on an immediate rollback. The security change was reversed, leaving the organization with weaker protection than before.
Security concerns and mixed messages
The reader who shared the story said the reaction was especially surprising because the executive was described as a former COO of a cybersecurity company. The account suggests a disconnect between the security goals of the project and the response from leadership when a business process ran into trouble.
The same customer was also described as having a history of unusual requests, including asking an engineer who could not drive to travel to a remote site to repair a printer. In another incident, the executive allegedly blamed the Microsoft 365 work for causing a power outage.
- The MFA rollout was part of a broader security baseline for Microsoft 365.
- The reported outage affected only a small number of mobile devices.
- The invoicing software, not MFA itself, was said to be the source of the problem.
- The rollback left the organization with less authentication protection.
The episode underscores a common challenge for IT teams: even well-planned security improvements can be undone quickly when business users interpret any disruption as a security failure.
