The surprisingly important role of saying “Not Approved” in good governance

'Not approved' is a governance super power.

There are many tools an MSP relies on to keep clients secure, compliant, and running smoothly: Microsoft 365, Azure, Intune, Defender, and, apparently, a bright red “Not Approved” stamp.

Yes, really.

We recently bought our Managing Director a novelty stamp as a joke. It says Not Approved with a red frowny face, the kind of thing you’d expect to see in a primary school marking exercise rather than an IT governance meeting. He loved it. But then he did something very on‑brand for a man who lives and breathes process: he asked us to write a blog about why not approving things is actually essential to good governance.

And he’s right.

Because behind the humour lies a truth every organisation eventually learns: strong governance isn’t just about what you approve: it’s about what you don’t.

• Why 'Not approved' is a Governance Superpower

• The importance of governance in the Microsoft Ecosystem
• Sometimes, just say yes
• Governance over beauracracy
• Next steps

Why 'Not approved' is a governance superpower

Governance often gets framed as a set of rules, policies, and frameworks. But at its core, governance is decision‑making. And decision‑making is as much about drawing boundaries as it is about giving the green light.

Here’s why the ability to confidently say “Not Approved” matters.

1. It protects your organisation from unnecessary risk

Every MSP and IT manager knows the scenario: someone wants to install an unvetted app, bypass MFA “just this once”, or spin up a cloud resource with no cost controls. These are the moments where a cheerful but firm “Not Approved” saves the day.

• Shadow IT — Not Approved
• Unlicensed software — Not Approved
• Sign in with Outlook – Not approved
• “My cousin can host our website for free” — absolutely Not Approved
• Everyone knows the rules
• Everyone understands the process
• Everyone gets the same answer
• A safer alternative
• A more cost‑effective solution
• A more scalable approach
• A more compliant process

Saying no isn’t about being obstructive. It’s about protecting people, data, and budgets. As a real example, as an MSP, we hold the keys to many businesses' kingdoms. It is absolutely essential we protect this information.

2. It creates clarity and consistency

When governance is weak, decisions become inconsistent. One manager approves something another rejects. One team follows policy while another improvises. Before long, you’ve got a patchwork of exceptions and a headache for IT.

A clear, consistent governance framework means:

Even if that answer is “No, and here’s why.”

3. It builds trust internally and externally

Clients trust MSPs who can justify their decisions. Teams trust leaders who apply standards fairly. Regulators trust organisations that can demonstrate compliance.

A well‑reasoned “Not Approved” shows that decisions aren’t arbitrary, rather they’re grounded in policy, security, and best practice.

4. It encourages better ideas

A good “no” doesn’t equate to a dead end. Instead, it’s an invitation to rethink.

When something is Not Approved, it often sparks:

Innovation thrives when boundaries are clear.

The importance of governance in the Microsoft Ecosystem

As an Edinburgh‑based MSP, we spend a lot of time helping organisations strengthen governance across Microsoft 365 and Azure. Tools like:

• Microsoft Purview for data governance
• Azure Policy for cloud compliance
• Conditional Access for identity governance
• Intune for device governance

…all exist to help organisations make good decisions automatically — including the automated equivalent of stamping “Not Approved” on risky actions.

At a top level, governance should behave as a living system.

Sometimes, just say 'Yes'

And that’s where governance becomes even more important. Approval isn't a green light to proceed blindly. It’s a commitment to follow a controlled, predictable and reversible process.

Good governance looks like a pre-deployment checklist which includes clear documentation, risk assessment, testing evidence, communication plan, a defined maintenance window and a roll-back plan (that is tried and tested!).

It looks like executing the change safely and handling rollbacks (the unsung hero of change management).

The stamp that started a conversation

The funny thing about the “Not Approved” stamp is that it captures something important: governance doesn’t have to be dry or intimidating. It can be human, practical, and even a bit playful.

At the end of the day, governance is about people making better decisions, not about bureaucracy for its own sake. When something is approved, governance ensures it is done safely, predictably and reversibly.

And sometimes, the best way to start that conversation is with an amusing stamp. What started as a joke is a reminder of something essential:

Sometimes the most important decision you can make is the one you don’t make.

Next steps...?

We help businesses across Scotland build governance frameworks that are:

• Practical
• Secure
• Microsoft‑aligned
• Easy for teams to follow

If you’d like to explore how governance could support your organisation’s growth, security, and compliance, you can dive deeper into Microsoft governance best practices or ask us about improving governance.