Are You Being Held Hostage by Your Microsoft Cloud Partner?

Written by: Jason Meilleur
Published: April 22, 2022


Microsoft Cloud Partners have played a key role in fueling commercial cloud growth globally by helping organizations migrate and thrive in the cloud. According to a recent survey, over 95% of Microsoft’s commercial revenue flows through the giant tech company’s partner ecosystem. Thus, if your business is already in the cloud, you cannot underscore the importance of working with a dedicated Microsoft Partner.

Assigning delegated administrative privileges to a dedicated Microsoft partner to help you fulfill your organization’s cloud obligations or needs is essential. However, it’s equally vital to have an emergency or a delegate account to which you or your in-house IT team can gain access if needed. This article will delve into the risk of delegating the administrative privileges of your cloud to multiple cloud partners.

  1. Unauthorized Access

Many Microsoft partners work on the general principle that their employees can gain access to their customers’ cloud while performing their jobs. Therefore, delegating your administrative privileges to multiple partners gives many people unrestricted access to your organization’s cloud network. This, in turn, drastically increases the cyber hackers’ chances of breaching your cybersecurity defenses.

Therefore, it would be ideal to work with just one partner and grant them role-based access to your cloud applications to mitigate the cyberattacks’ success. Delegating this restricted access enables you to protect your business’s most sensitive data while enabling your partner to only access the information they need to perform their roles. Your Microsoft Cloud Partner should merely play an advisory role and provide the support your business need.

  1. Credential Attacks

Suppose cybercriminals get hold of your organization’s cloud network login credentials. In that case, they can gain access to your Microsoft 365, SharePoint, and OneDrive, among other cloud applications, leading to a severe data breach. Since the cloud is widely used by private and public organizations globally, it has become the preferred target for credential phishing attacks. Therefore, having multiple IT or Microsoft Cloud Partners throws the cyber criminals’ chances of breaching your cybersecurity wide open.

Microsoft recommends having at least two global admins for your business to provide password backups if they’re lost and prevent credential attacks. Also, consider adding extra layers of security using multi-factor authentication for cloud users to prove who they are. In addition, encrypt your passwords with the password manager before they reach your network and create password policies and guidelines for your employees.

  1. Leakage and Data Loss

Microsoft Cloud offers businesses a large capacity to store their data and an easy and prompt way to access it. Hence, granting multiple IT and Microsoft partners easy access to your business’ cloud could lead to unintentional or intentional data leakage, detrimental to the survival of your business. More so, granting multiple partners unrestricted access to your company’s cloud network could lead to data loss via user errors, cyberattacks, or third-party systems.

Evaluating your IT or Microsoft partners’ cybersecurity and effectively cutting ties with partners that don’t meet the prerequisite security standards is crucial in preventing data loss or leakage. Additionally, conduct occasional monitoring of your cloud network access for suspicious activities to protect your business data. Finally, backup and classify your sensitive data and only grant your IT or Microsoft partners restricted access to the data when performing their duties.

  1. Email Security

Your organization’s email system is the first point of attack that cybercriminals focus their energies on when trying to breach your company’s cloud network. These cybercriminals send malicious and spam emails containing ransomware to your emailing system, which starts to attack your network once a user opens them or clicks on the links. Working with multiple Microsoft Cloud Partners increases the chances of one of their employee clicking on the emails and wreaking havoc throughout your cloud network.

Therefore, it’s imperative to advise your IT and Microsoft partners to continuously train their employees on potential cyberattacks so that they can recognize malicious emails. Blocking email attachments that often use file types synonymous with malware also helps in strengthening email security. Alternatively, you can encrypt your sensitive emails to ensure only the intended persons view email content sent to your network.

  1. Loss of Access

In the case of multiple partners controlling different parts of your Microsoft Licensing, there are certain scenarios where one partner may restrict your business from accessing Global Admin rights, which you are entitled too, and preventing you from being able to operate autonomously. We recently had this happen where our customer was simply trying to access their SharePoint, however, the Microsoft Partner that setup that part refused to give the customer Global Admin access. This is a huge red-flag! You own the licenses and tenant, and should always have Global Admin. A Microsoft Partner that is there to support you and be your trusted advisor would never restrict you from your own tenant.


In retrospect, having multiple IT or Microsoft partners to fulfill your company’s cloud obligations isn’t advisable. Giving access to your cloud network to many partners compromises your network’s cybersecurity defenses, leaving you prone to cyberattacks, data leaks, and data loss.

It would be advisable to have a dedicated partner who acts in an advisory capacity to empower your business and provide IT support when needed. Here at 360 Visibility, we are a dedicated Microsoft Cloud Partner that will help your business go from obsolete to modern with Microsoft Cloud.

Related Posts