5 Microsoft 365 Features You’re Probably Paying For (But Not Using)
The 7 IT “Quick Fixes” That Cause Bigger Problems Six Months Later
Why Quick Fixes Are Inevitable in IT
Every IT professional knows the moment. Something is broken, or someone important is blocked, and the pressure to take action immediately overrules any idea of best practice. The business doesn’t care that the solution isn’t perfect - it just needs the problem to go away. So you apply a fix that works, make a mental note you’ll come back and tidy it up properly, and move on to the next urgent thing that requires your attention.
Most of the time, it gets forgotten about.
Six months later, that small decision resurfaces as a security gap, a compliance issue, or another inconvenience that you now need to address. Unfortunately, quick fixes have a habit of quietly becoming permanent.
Disabling MFA: When Temporary Access Becomes Permanent Risk
Disabling multi-factor authentication is one of the clearest examples. A user is locked out, often while travelling or working under time pressure, and MFA is the obstacle in the way of getting them productive again. Turning it off feels like a reasonable compromise, especially when you intend to re-enable it once the crisis passes. The problem is that once access is restored, the urgency evaporates.
There’s no alert reminding you that a security control has been removed. Unless you’ve explicitly tracked the exception (which could also be lost somewhere in your notes), it fades into the background. Months later, the account is still unprotected, nobody remembers why, and what felt like a small accommodation has become a silent vulnerability.
Local Administrator Access and Hidden Dependencies
Local administrator access follows a similar pattern. An application won’t install, a developer needs to test something, or a legacy system refuses to function without elevated rights. Granting admin access gets things moving again, and because it worked, the decision doesn’t feel dangerous.
Over time, though, that access becomes part of the user’s normal working environment. Software starts depending on it. Removing it feels risky because something might break, so it stays. Eventually, you’re not just trusting the user; you’re trusting every piece of code that runs under their profile, and the boundary you temporarily relaxed has effectively disappeared.
Email Retention and Compliance Shortcuts
Email and compliance systems are another frequent victim of expediency. When a mailbox hits limits or archiving doesn’t behave as expected, the temptation to disable retention or legal hold settings can be strong. The user problem is immediate and visible; the compliance implications feel distant and theoretical.
But those controls exist to protect the organisation, not just to frustrate administrators. Once they’re disabled, data that should be preserved may be deleted without anyone realising. When an audit or legal request finally arrives, the gap is discovered long after it can be explained or repaired.
Hardcoded Credentials and Forgotten Automation
Credentials embedded in scripts and configuration files are perhaps the most common “I’ll fix it later” decision in IT. Automation breaks, an integration fails, and hardcoding a username and password gets the process running again. It feels contained and private, especially if the script lives in a secure location.
Over time, though, that credential becomes an undocumented dependency. Nobody knows where it’s used, it never gets rotated, and when security policies change or accounts are disabled, something critical fails. The problem isn’t just the insecure practice — it’s the absence of ownership and lifecycle management.
Firewall Rules That Never Get Closed
Network access changes often follow the same trajectory. A firewall rule is added to support troubleshooting or allow a third party temporary access. The intent is always to remove it once the work is complete, but unless that removal is built into the process, it rarely happens.
The rule sits quietly, widening your attack surface and violating standards that nobody thinks to re-check. Because nothing breaks, no alarm is raised. The system appears stable right up until it isn’t.
Why “We’ll Document It Later” Never Works
Documentation is where many of these decisions become irreversible. When an issue is complex and time-consuming to resolve, writing it up can feel like an optional extra — especially when the next incident is already waiting.
The fix exists only in someone’s memory, which feels sufficient until that person is unavailable or simply forgets the details. At that point, the organisation isn’t just missing documentation; it’s missing understanding. Knowledge that isn’t written down might as well not exist.
Workarounds That Become the System
Perhaps the most subtle problem of all is the accumulation of workarounds. A system doesn’t quite meet requirements, a process is awkward, or a tool can’t be replaced easily. Instead of addressing the root cause, small compensations are added: manual steps, spreadsheets, scripts, exceptions.
Each one makes sense in isolation. Over time, they become the system. New staff struggle to learn it, failures become harder to diagnose, and what was once a temporary bridge has turned into permanent infrastructure.
The Real Reason These Problems Keep Coming Back
What ties all of these examples together isn’t negligence — it’s the absence of closure. The fix solves the immediate problem, but nothing ensures it’s revisited, reviewed, or formally accepted as permanent.
IT environments don’t usually fail because of dramatic mistakes. They fail because of dozens of small decisions that were never revisited once the pressure lifted.
How to Avoid the Six-Month IT Time Bomb
Avoiding this pattern doesn’t require perfection or endless process. It requires just enough friction to stop temporary decisions from disappearing. Time-bound exceptions, lightweight documentation, clear ownership, and periodic reviews create moments where someone is forced to ask, “Is this still necessary?”
The uncomfortable truth is that quick fixes are unavoidable. IT will always operate under constraint, urgency, and imperfect information. The real risk isn’t applying them; it’s pretending they don’t matter once the problem appears solved.
Because in six months’ time, when something strange resurfaces and nobody remembers why, it’s rarely a mystery at all. It’s just an old decision finally asking to be acknowledged.
