Microsoft 365 Alert – Service Degradation – Exchange Online – Some admins or users may be unable to access multiple Microsoft 365 services – ONGOING
22/10/2025 09:28:00 AM
NHSmail Reference: INC46662501
Microsoft Reference: MO1176905
Issue Status: ONGOING
Issue Description: Admins or users may be unable to access multiple Microsoft 365 services.
More info: This issue specifically affects admins and users whose service access is managed by Microsoft 365 Groups that were previously configured with the “SecurityEnabled” setting set to “True”.
While we finalise the deployment of our fix to restore the appropriate configuration for the impacted Microsoft 365 Groups, affected admins can follow the steps below to manually restore the SecurityEnabled property configuration and resolve the impact:
1. Connect to Exchange Online PowerShell with “Connect-ExchangeOnline”, then run the following command to retrieve audit logs specific to this scenario:
$AuditLog = Search-UnifiedAuditLog -Operations “Update group” -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) -ResultSize 5000.
2. Filter logs matching the issue to gather affected group info by running the following two commands:
$GroupID = $AuditLog | % {ConvertFrom-Json $_.AuditData} | ? {($_.Actor -match “Group Configuration Processor”) -and ($_.ModifiedProperties -match “SecurityEnabled”)} | % {$_.ObjectId -replace “^.*Group_”, “”}
$GroupID | Get-UnifiedGroup -ResultSize Unlimited
3. Connect to Microsoft Graph PowerShell with Connect-MgGraph -Scope “Group.ReadWrite.All” and then run the following command to restore the SecurityEnabled property for the affected groups to True, which should remediate the impact:
$GroupID | % {Update-MgGroup -GroupId $_ -BodyParameter @{SecurityEnabled = $true}}
For further information on how to run Microsoft Graph PowerShell commands and cmdlets or guidance on connecting to Exchange Online through PowerShell, please reference the following documentation:
Current Update: 06/02/2026 08:38:00 AM – Microsoft has identified that the deployment of the fix has encountered unexpected timeout issues that’s preventing it from fully saturating all impacted Microsoft 365 Groups. While they have confirmed that the majority of groups have successfully received the fix, they are further investigating the timeout issues to identify how they can efficiently resume the deployment on the remaining impacted groups.
Scope of impact: Any admin or users attempting to access any Microsoft 365 services with the Microsoft 365 Group SecurityEnabled set to false may be impacted. This section may be updated as our investigation continues.
Root cause: A recent service operation intended to upgrade our API flow impacted Microsoft 365 Groups that were previously configured to have the “SecurityEnabled” setting enabled, switching this value back to “False” by default and resulting in impact to admins and users whose service access was being managed by the affected groups.
Next update by: Friday, February 6, 2026, at 12:30 PM UTC
