← Blog

Security isn't 'set it and forget it' — and what 'drift' means for your business

Tenant Strike3 min read

Even a business that set up Microsoft 365 carefully will slowly slip out of shape. New employees, new apps, a quick fix that never got reverted — this gradual slide has a name, and it matters.

Your business set up Microsoft 365, turned on multi-factor authentication (MFA), and moved on. Good start. But that was eighteen months ago, and a lot has happened since.

What 'configuration drift' actually means

Configuration drift is the gap between how your systems were originally set up and how they look today. It's not one big mistake — it's a hundred small ones, spread out over time.

A new employee joins and gets added in a hurry; nobody checks whether their account is set up the same way as everyone else's. An outside app gets connected to your email because someone needed a quick fix — and the access never got removed. A sharing setting gets loosened for a client project, then forgotten. A contractor finishes and leaves, but their account stays active because nobody thought to disable it.

None of these feel like security decisions in the moment. They're just normal business. But each one nudges you a little further from where you started.

Why attackers care about the door that got propped open last month

Attackers — especially the automated scanning tools that probe businesses around the clock — are not looking for something exotic. They're looking for the ordinary slip: an account without MFA, a stale login that still works, a file-sharing link that was never expired.

The uncomfortable thing about drift is that you can't remember what changed. If someone asks "do we have any old contractor accounts that are still active?" the honest answer for most small businesses is "I'm not sure." That uncertainty is the gap.

The fix is a habit, not a one-time project

You don't need a security team to manage drift. You need a schedule.

Pick a cadence — quarterly is reasonable for most businesses with fewer than 50 people — and use it to check a short list of important settings:

  • Are there any active accounts for people who no longer work here?
  • Are there apps connected to your email or files that you don't recognize?
  • Does every account, including newer ones, have MFA turned on?
  • Are any file-sharing links set to "anyone with the link" with no expiry date?
  • Do any guests still have access to your Teams or SharePoint from a project that ended?

This doesn't take long. What it does require is actually doing it, on a schedule, rather than assuming everything is fine because it was fine when you set it up.

Keep a simple record

When you make a deliberate security change — enabling a setting, removing access, blocking an old sign-in method — write it down somewhere. A shared document is fine. The goal isn't bureaucracy; it's so that in six months, when someone asks "did we ever fix that?" you have an answer.

It also makes the quarterly check faster. You can see what changed on purpose, and flag anything that changed without anyone noticing.

The reassuring part

Drift is normal. Every business deals with it. The businesses that get into trouble aren't the ones that changed a setting six months ago — they're the ones that never looked back to notice. A simple habit of checking beats a sophisticated security stack that nobody monitors.

Tenant Strike connects to your Microsoft 365 in read-only mode, checks your current settings against what they should look like, and gives you a plain-English list of what has slipped and exactly how to fix it. It's a practical way to close the gap between how you set things up and how they look today — in about five minutes.

AI-researched from public sources. We label AI-assisted writing — see our trust page.

See your own risk

Want this for your own Microsoft cloud?

Tenant Strike runs 100+ read-only checks across Microsoft 365 and Azure and hands you a plain-English fix for every gap. Start a 7-day Pro trial — no credit card.