There are many tools an MSP relies on to keep clients secure, compliant, and running smoothly: Microsoft 365, Azure, Intune, Defender, and, apparently, a bright red “Not Approved” stamp.
Yes, really.
We recently bought our Managing Director a novelty stamp as a joke. It says Not Approved with a red frowny face, the kind of thing you’d expect to see in a primary school marking exercise rather than an IT governance meeting. He loved it. But then he did something very on‑brand for a man who lives and breathes process: he asked us to write a blog about why not approving things is actually essential to good governance.
And he’s right.
Because behind the humour lies a truth every organisation eventually learns: strong governance isn’t just about what you approve: it’s about what you don’t.
Here’s why the ability to confidently say “Not Approved” matters.
Every MSP and IT manager knows the scenario: someone wants to install an unvetted app, bypass MFA “just this once”, or spin up a cloud resource with no cost controls. These are the moments where a cheerful but firm “Not Approved” saves the day.
Saying no isn’t about being obstructive. It’s about protecting people, data, and budgets. As a real example, as an MSP, we hold the keys to many businesses' kingdoms. It is absolutely essential we protect this information.
When governance is weak, decisions become inconsistent. One manager approves something another rejects. One team follows policy while another improvises. Before long, you’ve got a patchwork of exceptions and a headache for IT.
A clear, consistent governance framework means:
Even if that answer is “No, and here’s why.”
Clients trust MSPs who can justify their decisions. Teams trust leaders who apply standards fairly. Regulators trust organisations that can demonstrate compliance.
A well‑reasoned “Not Approved” shows that decisions aren’t arbitrary, rather they’re grounded in policy, security, and best practice.
A good “no” doesn’t equate to a dead end. Instead, it’s an invitation to rethink.
When something is Not Approved, it often sparks:
Innovation thrives when boundaries are clear.
As an Edinburgh‑based MSP, we spend a lot of time helping organisations strengthen governance across Microsoft 365 and Azure. Tools like:
…all exist to help organisations make good decisions automatically — including the automated equivalent of stamping “Not Approved” on risky actions.
At a top level, governance should behave as a living system.
Good governance looks like a pre-deployment checklist which includes clear documentation, risk assessment, testing evidence, communication plan, a defined maintenance window and a roll-back plan (that is tried and tested!).
It looks like executing the change safely and handling rollbacks (the unsung hero of change management).
The funny thing about the “Not Approved” stamp is that it captures something important: governance doesn’t have to be dry or intimidating. It can be human, practical, and even a bit playful.
At the end of the day, governance is about people making better decisions, not about bureaucracy for its own sake. When something is approved, governance ensures it is done safely, predictably and reversibly.
And sometimes, the best way to start that conversation is with an amusing stamp. What started as a joke is a reminder of something essential:
Sometimes the most important decision you can make is the one you don’t make.
We help businesses across Scotland build governance frameworks that are:
If you’d like to explore how governance could support your organisation’s growth, security, and compliance, you can dive deeper into Microsoft governance best practices or ask us about improving governance.