What This Category Covers
Identity tickets need sign-in evidence. Separate disabled account, password state, MFA method, Conditional Access, device compliance, risk, and token/session state before resetting credentials.
First Layer to Isolate
Exact sign-in attempt first: result, policy, method, risk, and device state.
Useful Tools, Logs, and Portals
- Entra sign-in logs
- Conditional Access report-only/result details
- Authentication methods
- Identity Protection risk
- Audit logs
Before You Escalate
- Timestamped sign-in checked
- Method and CA result captured
- Account/device state verified
- Risk state reviewed
Articles in This Path
Pick the closest symptom and work from there.
Identity & MFA quarantine or protection action triggers but recovery workflow fails
Field Summary
Identity & MFA quarantine or protection action triggers but recovery workflow fails is a Microsoft 365 ticket where the visible symptom can be misleading. When this Microsoft 365 workflow fails, separate account access, web-versus-desktop behavior, token state, licensing, Conditional Access, and service health before changing the client. Start with the exact sign-in attempt and policy result; password resets without log evidence often create a second problem.
Identity & MFA configuration survives testing but resets after restart or sync
Field Summary
Identity & MFA configuration survives testing but resets after restart or sync is a Microsoft 365 ticket where the visible symptom can be misleading. When this Microsoft 365 workflow fails, separate account access, web-versus-desktop behavior, token state, licensing, Conditional Access, and service health before changing the client. Start with the exact sign-in attempt and policy result; password resets without log evidence often create a second problem.
Identity & MFA workflow succeeds for one account but fails for shared or delegated access
Field Summary
Identity & MFA workflow succeeds for one account but fails for shared or delegated access is a Microsoft 365 ticket where the visible symptom can be misleading. When this Microsoft 365 workflow fails, separate account access, web-versus-desktop behavior, token state, licensing, Conditional Access, and service health before changing the client. Start with the exact sign-in attempt and policy result; password resets without log evidence often create a second problem.
Identity & MFA feature works in web app but fails in desktop client
Field Summary
Identity & MFA feature works in web app but fails in desktop client is a Microsoft 365 ticket where the visible symptom can be misleading. When this Microsoft 365 workflow fails, separate account access, web-versus-desktop behavior, token state, licensing, Conditional Access, and service health before changing the client. Start with the exact sign-in attempt and policy result; password resets without log evidence often create a second problem.
Identity & MFA alerts indicate success while end-user experience never changes
Field Summary
Identity & MFA alerts indicate success while end-user experience never changes is a Microsoft 365 ticket where the visible symptom can be misleading. When this Microsoft 365 workflow fails, separate account access, web-versus-desktop behavior, token state, licensing, Conditional Access, and service health before changing the client. Start with the exact sign-in attempt and policy result; password resets without log evidence often create a second problem.
Identity & MFA credential or certificate rotation breaks an existing integration
Field Summary
Identity & MFA credential or certificate rotation breaks an existing integration is a Microsoft 365 ticket where the visible symptom can be misleading. When this Microsoft 365 workflow fails, separate account access, web-versus-desktop behavior, token state, licensing, Conditional Access, and service health before changing the client. Start with the exact sign-in attempt and policy result; password resets without log evidence often create a second problem.
Identity & MFA new deployment works for pilot group but not for production rollout
Field Summary
Identity & MFA new deployment works for pilot group but not for production rollout is a Microsoft 365 ticket where the visible symptom can be misleading. When this Microsoft 365 workflow fails, separate account access, web-versus-desktop behavior, token state, licensing, Conditional Access, and service health before changing the client. Start with the exact sign-in attempt and policy result; password resets without log evidence often create a second problem.
Identity & MFA healthy dashboard status masks a failing production workflow
Field Summary
Identity & MFA healthy dashboard status masks a failing production workflow is a Microsoft 365 ticket where the visible symptom can be misleading. When this Microsoft 365 workflow fails, separate account access, web-versus-desktop behavior, token state, licensing, Conditional Access, and service health before changing the client. Start with the exact sign-in attempt and policy result; password resets without log evidence often create a second problem.
Identity & MFA policy change applies in admin console but target users never receive it
Field Summary
Identity & MFA policy change applies in admin console but target users never receive it is a Microsoft 365 ticket where the visible symptom can be misleading. When this Microsoft 365 workflow fails, separate account access, web-versus-desktop behavior, token state, licensing, Conditional Access, and service health before changing the client. Start with the exact sign-in attempt and policy result; password resets without log evidence often create a second problem.
Guest user redemption completes but collaboration apps still deny access
Field Summary
Guest user redemption completes but collaboration apps still deny access is a Microsoft 365 ticket where the visible symptom can be misleading. When this Microsoft 365 workflow fails, separate account access, web-versus-desktop behavior, token state, licensing, Conditional Access, and service health before changing the client. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.