Identity & MFA Troubleshooting

MSP Toolkit
Minimal guidance for messy support realities.
Microsoft 365

Identity & MFA Troubleshooting

Browse issue-specific guidance for Identity & MFA.

  1. Authenticator number matching works but sign-in still denied
  2. Azure AD Connect sync errors after schema change
  3. Break glass account excluded from MFA cannot sign in
  4. Break-glass account sign-in succeeds but portal access remains restricted
  5. Conditional Access policy report only mode differs from live result
  6. Entra joined device shows compliant yet conditional access blocks sign-in from browser
  7. Entra sign-in logs show success but app still says unauthorized
  8. Guest user redemption completes but collaboration apps still deny access
  9. Hybrid join succeeds but primary refresh token missing
  10. Identity & MFA alerts indicate success while end-user experience never changes
  11. Identity & MFA configuration survives testing but resets after restart or sync
  12. Identity & MFA credential or certificate rotation breaks an existing integration
  13. Identity & MFA feature works in web app but fails in desktop client
  14. Identity & MFA healthy dashboard status masks a failing production workflow
  15. Identity & MFA new deployment works for pilot group but not for production rollout
  16. Identity & MFA policy change applies in admin console but target users never receive it
  17. Identity & MFA quarantine or protection action triggers but recovery workflow fails
  18. Identity & MFA workflow succeeds for one account but fails for shared or delegated access
  19. Legacy app password disabled and scanner workflow breaks
  20. Legacy authentication blocked report spikes after mailbox migration weekend
  21. MFA phone call option missing for one pilot group after policy change
  22. MFA prompts delayed or never arriving
  23. New user signs in successfully but self-service password reset registration never completes
  24. Password writeback succeeds but users cannot unlock accounts
  25. Passwordless sign-in works on mobile but desktop browser still prompts for password
  26. Sign-in risk policy flags impossible travel after VPN rollout
  27. Teams sign-in loop after MFA enrollment
  28. Temporary Access Pass created but user cannot redeem it on first login
  29. User can enroll Microsoft Authenticator but number matching prompt never arrives
  30. User removed from MFA group but legacy sessions still prompt