top of page
Search

Top 5 Microsoft 365 “Gotchas” I Wish I Knew Sooner

  • Writer: Kyle Cira
    Kyle Cira
  • Sep 3
  • 2 min read
ree

Microsoft 365 is a powerful platform, but it comes with quirks that can surprise even experienced administrators. Over the years, I’ve learned a few lessons the hard way—so here are five “gotchas” that I wish I had known sooner. Hopefully, they’ll save you some time (and frustration).


1. The Unified Audit Log Isn’t Instant

Clicking the link to enable the Unified Audit Log doesn’t mean you can immediately use it. In fact, it can take up to 24 hours before logs begin flowing. If you don’t want to wait, you can enable it right away via PowerShell.


2. Cloud Shell Is Free (Sort Of)

Want to run PowerShell scripts against your M365 tenant but are restricted from doing so on your machine? First of all, -nice work-, but that's where Cloud Shell comes in. Microsoft Cloud Shell can be used without cost, but you still need to spin up an Azure subscription first.


3. Turning Off OWA Comes With Hidden Consequences

Outlook on the Web (OWA) seems easy enough to disable—until you realize the ripple effects.

  • Disable it for a single mailbox, and you lose access to any mailboxes you’ve been delegated.

  • Disable it via Conditional Access, and suddenly you can’t reach certain admin centers.

The practical middle ground? Keep OWA enabled but restrict access to trusted IP addresses.


4. Conditional Access Can Block More Than You Intended

Blocking access to Microsoft 365 admin centers through Conditional Access seems like a clean security win… until users start complaining. Why? Because this also blocks:

  • Access to quarantine

  • Management of Exchange resources and groups

  • The ability for users to download Office software

It’s a classic case of “one step forward, two steps back.” Plan carefully before flipping this switch.


5. Don’t Bother Memorizing the UI

If you’ve ever spent time memorizing where something lives in the Microsoft 365 Admin Center, you know the pain: by the time you need it again, Microsoft has moved it. Instead of wasting time memorizing menu clicks, just learn the names of the areas you need to find. Think of it as a rite of passage—the bi-annual treasure hunt every M365 admin endures.


Final Thoughts

Microsoft 365 is constantly evolving—which means you’re always balancing the benefits of new features with the frustrations of unexpected changes. The “gotchas” above are just a few examples of how small missteps can create big headaches for admins and end users alike.


At Redeemer Cyber, we specialize in helping organizations navigate these complexities with confidence. From identifying hidden vulnerabilities to implementing secure, user-friendly configurations, we’ve seen—and solved—these challenges many times before.


If you’re ready to take the guesswork out of Microsoft 365 security, let’s talk.


Hire Redeemer Cyber to perform a Microsoft 365 Security Assessment for you today!

Contact us at www.redeemercyber.com


 
 
 

Comments

Couldn’t Load Comments
It looks like there was a technical problem. Try reconnecting or refreshing the page.
bottom of page