Back to Announcements

Microsoft 365 Alert – Service Degradation – Exchange Online – Some admins or users may be unable to access multiple Microsoft 365 services – ONGOING

Announcements Arpan Das

22/10/2025 09:28:00 AM

NHSmail Reference: INC46662501

Microsoft Reference: MO1176905

Issue Status: ONGOING

Issue Description: Admins or users may be unable to access multiple Microsoft 365 services.

More info: This specifically impacts Microsoft 365 services that have the SecurityEnabled property changed to False by the Group Configuration Processor.

While we work on deploying our fix to update the SecurityEnabled property from False to True, admins can run the following cmdlets to mitigate the impact.

1. Connect to Exchange Online PowerShell with “Connect-ExchangeOnline”.

Reference: https://learn.microsoft.com/en-us/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps

2. Run Search-UnifiedAuditLog and retrieve audit logs:

$AuditLog = Search-UnifiedAuditLog -Operations “Update group” -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) -ResultSize 5000

3. Filter logs matching the issue and replace “Group_” in ObjectID:

$GroupID = $AuditLog | % {ConvertFrom-Json $_.AuditData} | ? {($_.Actor -match “Group Configuration Processor”) -and ($_.ModifiedProperties -match “SecurityEnabled”)} | % {$_.ObjectId -replace “^.*Group_”, “”}

* Because ObjectID from UnifiedAuditLog starts with “Group_”, it cannot be used directly with Get-UnifiedGroup.

4. You can verify each group info to see which ones were affected with the following command:

$GroupID | Get-UnifiedGroup -ResultSize Unlimited

5. Connect to Microsoft Graph PowerShell with Connect-MgGraph -Scope “Group.ReadWrite.All”.

Reference: https://learn.microsoft.com/en-us/powershell/microsoftgraph/authentication-commands?view=graph-powershell-1.0

6. Update SecurityEnabled to True:

$GroupID | % {Update-MgGroup -GroupId $_ -BodyParameter @{SecurityEnabled = $true}}

Current Update: 01/12/2025 08:58:00 AM Microsoft have deployed a part of the fix and have also successfully tested the remaining part of the fix which is being deployed to the affected infrastructure. They anticipate that this should complete by their next scheduled update.

Scope of impact: Any admin or users attempting to access any Microsoft 365 services with the Microsoft 365 Group SecurityEnabled set to false may be impacted.

Root cause: A recent change caused a misconfiguration, which led to the Microsoft 365 Group SecurityEnabled being changed to false as default, resulting in impact.

Next update by: Friday, December 5, 2025, at 3:30 PM UTC

back to top