Microsoft 365
Identity & MFA Troubleshooting
Browse issue-specific guidance for Identity & MFA.
- Authenticator number matching works but sign-in still denied
- Azure AD Connect sync errors after schema change
- Break glass account excluded from MFA cannot sign in
- Break-glass account sign-in succeeds but portal access remains restricted
- Conditional Access policy report only mode differs from live result
- Entra joined device shows compliant yet conditional access blocks sign-in from browser
- Entra sign-in logs show success but app still says unauthorized
- Guest user redemption completes but collaboration apps still deny access
- Hybrid join succeeds but primary refresh token missing
- Legacy app password disabled and scanner workflow breaks
- Legacy authentication blocked report spikes after mailbox migration weekend
- MFA phone call option missing for one pilot group after policy change
- MFA prompts delayed or never arriving
- New user signs in successfully but self-service password reset registration never completes
- Password writeback succeeds but users cannot unlock accounts
- Passwordless sign-in works on mobile but desktop browser still prompts for password
- Sign-in risk policy flags impossible travel after VPN rollout
- Teams sign-in loop after MFA enrollment
- Temporary Access Pass created but user cannot redeem it on first login
- User can enroll Microsoft Authenticator but number matching prompt never arrives
- User removed from MFA group but legacy sessions still prompt