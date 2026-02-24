Nothing exposes a bad plan faster than following it as instructed.

So, what would you do if your boss insisted that you leave your work phone at home while you were on vacation, even though it could cause problems?

Would you push back until he listened to your point? Or would you give him what he wants and see what happens?

In the following story, one IT engineer finds himself facing this dilemma and chooses the latter.

Here’s the full story.

Bossman knows better? OK! I have been working here for a couple of years and have worked my way up from Junior support agent to a supporting engineer (experienced but not yet senior level). One of the things that started popping up in the IT landscape is the now M365 MFA we’re all so fond of having to use. The challenge was that we had no centralized phone that held these records or MFA keys for our smaller clients. Let’s say the one or two customers with M365 tenants, not the bigger 50+ clients we had under our wings. So more than two dozen of said keys were on my work-provided phone.

He argued his point, but the boss wouldn’t listen.

I went on vacation for 3 weeks, boss man was OK, but said, and I quote, ” You’re our most experienced member when it comes to this and that, as the other one left last week, can you make sure we can call you if all **** breaks loose?” I said, “Sure, I’ll bring the work mobile with me. Any time spent on work, I’ll put at the end of the vacation as compensation.” The bossman was okay, but I couldn’t bring the work phone due to insurance or some crap, I don’t remember exactly. I argued that, while I can have 2 SIM cards in my private, I wouldn’t be able to help log in or anything, or set up a VPN without my work phone, and wouldn’t have any access to the MFA keys or prompts.

Week one went off without a hitch.

He demanded that the phone stay at my home address and that I take the sim card only. Okay, boss man, you said so. So, I did what he wanted, and on the last day before leaving, I showed him that I pulled out the SIM from one and put it into my private phone, and I put my work phone inside my bag with my laptop. He was smiling and nodding, happy as a kid who got what he wanted… Week one was splendid, not a single call to my surprise.

Week two was a different story.

Week 2 was absolute ****, but not for me, 🙂 A coworker thought he could fix whatever was called in and didn’t consult me, so you know what hit the fan, alright… And not for one client… no, sir, it hit over 50% of our small customer locations. To be able to fix it directly, they needed a global admin to undo what he messed up. The problem, though, was that whatever he did messed with the partner portal settings, so he lost global admin rights there.

Luckily, another colleague was able to help.

The only way to fix that is to log in directly on the affected tenant with a global admin account…. That was set up with MFA on a mobile phone, in a bag, 500km away from me. Thankfully, a different colleague had installed break-glass accounts, but he never told anyone for fear of abuse of emergency accounts, aka using them in a nonemergency situation, which happened before, and wasn’t in the office that day and returned the next day, fixing everything. The clients didn’t notice anything major was wrong, thank God for that, but the onset of panic was real.

The boss learned his lesson.

The angry boss call lasted about 30 minutes, 20 minutes of him yelling and being in a panic.. 10 of me explaining why I couldn’t do anything. Because I followed his words to the letter, and he just made an angry bubbling noise, knowing I was right. Upon returning, we finally had a centralized password vault that I had been complaining about not having, with MFA options, and we’re allowed to bring the work phone with us. Guess he did learn something after all.

The boss asked for it. Next time, he shouldn’t assume he knows everything.

