ACSC Logo
© 2026 GEMXIT
GEMXIT Logo
Conditional Access • MFA • Exceptions

Just This One Exception

A briefing on one of the most common ways strong environments weaken over time: temporary exceptions that stay long after the reason for them has disappeared.

Discuss your environment Back to briefings
Agent Foskett Just This One Exception briefing
Briefing summary

The environment still looked secure overall, but one “temporary” exception quietly reduced protection across the tenant for months.

Exception added
Never reviewed
Security quietly weakened

What happened

Security rarely weakens all at once. It erodes through exceptions.
A strong environmentPolicies, MFA, Conditional Access and Zero Trust principles were all present and working.
The weak pointA temporary Conditional Access exclusion was added to help one user work while travelling. It was never reviewed, never removed and remained in place far longer than intended.
Lesson learnedEvery exception needs a reason, a documented risk and a review date. Attackers do not need zero-days when forgotten exceptions are already there.
Need help reviewing Conditional Access and MFA exclusions?
GEMXIT helps identify temporary access decisions that quietly weaken Microsoft security over time.
Contact GEMXIT
ACSC Logo  GEMXIT PTY LTD   GEMXIT UK LTD   © GEMXIT 2026

Agent Foskett Just This One Exception

This Agent Foskett cyber briefing covers Conditional Access exclusions, temporary MFA bypasses and exception management in Microsoft environments.

It highlights how small shortcuts can quietly weaken Zero Trust controls.