Microsoft 365

MSP Toolkit
Practical troubleshooting paths for MSP technicians dealing with real-world support failures.

What This Category Covers

Microsoft 365 tickets are usually identity, license, mailbox, policy, client, or service-health problems. Start by comparing web access against the desktop/mobile client, then check sign-in logs and service health before touching profiles.

First Layer to Isolate

Account access first, then web-versus-client behavior, then policy/licensing/service health.

Useful Tools, Logs, and Portals

  • Microsoft 365 admin center service health
  • Entra sign-in logs and Conditional Access result
  • Exchange admin center and message trace
  • Office account state, Credential Manager, Work or School accounts

Before You Escalate

  • Affected user and app are identified
  • OWA/web app test completed where relevant
  • Sign-in logs checked for timestamped failure
  • License/policy group checked
  • Recent tenant changes reviewed

Articles in This Path

Pick the closest symptom and work from there.

Authenticator number matching works but sign-in still deniedAutodiscover points Outlook to retired Exchange endpointAzure AD Connect sync errors after schema changeBreak glass account excluded from MFA cannot sign inBreak-glass account sign-in succeeds but portal access remains restrictedConditional Access policy report only mode differs from live resultEntra joined device shows compliant yet conditional access blocks sign-in from browserEntra sign-in logs show success but app still says unauthorizedGuest user redemption completes but collaboration apps still deny accessHybrid join succeeds but primary refresh token missingIdentity & MFA alerts indicate success while end-user experience never changesIdentity & MFA configuration survives testing but resets after restart or syncIdentity & MFA credential or certificate rotation breaks an existing integrationIdentity & MFA feature works in web app but fails in desktop clientIdentity & MFA healthy dashboard status masks a failing production workflowIdentity & MFA new deployment works for pilot group but not for production rolloutIdentity & MFA policy change applies in admin console but target users never receive itIdentity & MFA quarantine or protection action triggers but recovery workflow failsIdentity & MFA workflow succeeds for one account but fails for shared or delegated accessLegacy app password disabled and scanner workflow breaksLegacy authentication blocked report spikes after mailbox migration weekendM365 group created but Teams team never appearsMFA phone call option missing for one pilot group after policy changeMFA prompts delayed or never arrivingNew user signs in successfully but self-service password reset registration never completesOneDrive & SharePoint alerts indicate success while end-user experience never changesOneDrive & SharePoint configuration survives testing but resets after restart or syncOneDrive & SharePoint connector health looks normal but data stops syncingOneDrive & SharePoint credential or certificate rotation breaks an existing integrationOneDrive & SharePoint feature works in web app but fails in desktop clientOneDrive & SharePoint healthy dashboard status masks a failing production workflowOneDrive & SharePoint logging shows delivery yet the target workflow never completesOneDrive & SharePoint new deployment works for pilot group but not for production rolloutOneDrive & SharePoint policy change applies in admin console but target users never receive itOneDrive & SharePoint quarantine or protection action triggers but recovery workflow failsOneDrive & SharePoint workflow succeeds for one account but fails for shared or delegated accessOneDrive admin reports sync healthy but files missing locallyOneDrive Files On-Demand icons missing after Windows feature updateOneDrive known folder move completes but desktop files stop syncingOneDrive known folder move stalls on Desktop onlyOneDrive photo uploads saturate branch office bandwidthOneDrive shortcut to shared folder duplicates content in File ExplorerOneDrive stops syncing after device name change in EntraOneDrive sync client reports healthy while one library never updatesOneDrive sync conflict storm in shared folderOutlook alerts indicate success while end-user experience never changesOutlook archive search misses messages older than one yearOutlook attachments open in Protected View foreverOutlook cached mode shows old unread count after mailbox cleanupOutlook calendar reminders pop on one workstation hours lateOutlook configuration survives testing but resets after restart or syncOutlook credential or certificate rotation breaks an existing integrationOutlook delegate can read calendar but cannot send update responsesOutlook desktop opens to blank white window after profile sign-inOutlook feature works in web app but fails in desktop clientOutlook healthy dashboard status masks a failing production workflowOutlook logging shows delivery yet the target workflow never completesOutlook meeting updates arrive but calendar does not reflect changesOutlook new deployment works for pilot group but not for production rolloutOutlook opens attachments slowly only from encrypted messages

Outlook search returns no recent mail after mailbox move

Submitted by Anonymous (not verified) on

Field Summary

Outlook search returns no recent mail after mailbox move is a Microsoft 365 ticket where the visible symptom can be misleading. When this Microsoft 365 workflow fails, separate account access, web-versus-desktop behavior, token state, licensing, Conditional Access, and service health before changing the client. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

M365 group created but Teams team never appears

Submitted by Anonymous (not verified) on

Field Summary

M365 group created but Teams team never appears is a Microsoft 365 ticket where the visible symptom can be misleading. When this Microsoft 365 workflow fails, separate account access, web-versus-desktop behavior, token state, licensing, Conditional Access, and service health before changing the client. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

SharePoint file opens read-only for everyone

Submitted by Anonymous (not verified) on

Field Summary

SharePoint file opens read-only for everyone is a Microsoft 365 ticket where the visible symptom can be misleading. When this Microsoft 365 workflow fails, separate account access, web-versus-desktop behavior, token state, licensing, Conditional Access, and service health before changing the client. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

Azure AD Connect sync errors after schema change

Submitted by Anonymous (not verified) on

Field Summary

Azure AD Connect sync errors after schema change is a Microsoft 365 ticket where the visible symptom can be misleading. When this Microsoft 365 workflow fails, separate account access, web-versus-desktop behavior, token state, licensing, Conditional Access, and service health before changing the client. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

MFA prompts delayed or never arriving

Submitted by Anonymous (not verified) on

Field Summary

Delayed or missing MFA prompts can be a user device issue, a method registration issue, Conditional Access behavior, push notification delivery, or an identity provider service problem. The fastest path is to check sign-in logs and prove whether the prompt was generated, delivered, denied, or never required.

OneDrive sync conflict storm in shared folder

Submitted by Anonymous (not verified) on

Field Summary

OneDrive sync conflict storm in shared folder is a Microsoft 365 ticket where the visible symptom can be misleading. When this Microsoft 365 workflow fails, separate account access, web-versus-desktop behavior, token state, licensing, Conditional Access, and service health before changing the client. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

Shared mailbox not appearing in Outlook desktop

Submitted by Anonymous (not verified) on

Field Summary

Shared mailbox not appearing in Outlook desktop is a Microsoft 365 ticket where the visible symptom can be misleading. When this Microsoft 365 workflow fails, separate account access, web-versus-desktop behavior, token state, licensing, Conditional Access, and service health before changing the client. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

Outlook stuck in disconnected mode after password change

Submitted by Anonymous (not verified) on

Field Summary

Outlook disconnected after a password change is usually token, cached credential, Autodiscover, Conditional Access, or local profile state. If OWA works with the new password, desktop Outlook should be treated as the suspect until sign-in logs or service health prove a wider Microsoft 365 issue.

Subscribe to Microsoft 365