Amazon refuses Microsoft 365 deployment because of lax cybersecurity

Inadequate logging

“This is no longer just a matter of oversight. It’s a glaring dereliction of responsibility by Microsoft, given the stakes and the lessons the industry should have internalized by now,” Blech said. “The heart of the issue lies in Microsoft’s inadequate logging and telemetry capabilities, which Amazon cited as insufficient for its security needs. This shortfall is not just a technical gap — it’s a fundamental breach of trust.”

Another cybersecurity vendor CEO is Matthew Webster, who runs Cyvergence. Webster applauded Amazon, saying that “Amazon’s efforts not only protect their own interests but also help strengthen the ecosystem for countless other companies.”

“Companies routinely conduct due diligence to protect modern infrastructure, but this case stands out because it involves two industry behemoths closely scrutinizing security. What sets Amazon apart is that their influence ensures systemic changes across Microsoft, benefiting the broader ecosystem rather than just one organization,” Webster said. “In contrast, smaller companies often request changes as part of legal contracts, but these are typically one-offs, especially in non-cloud environments. I’ve seen such approaches lead to inefficiencies and risks. When a company as large as Amazon makes a request—particularly in the cloud — it’s handled with rigor, minimizing potential issues.”