UK’s trusted IT infrastructure partner since 2003
sales@servnetuk.com
0800 987 4111
Servnet
ConfiguratorGet in Touch
Microsoft 365 sign-in problems: how to fix them — networkMicrosoft 365 sign-in problems: how to fix them — reach
Troubleshooting

Microsoft 365 sign-in problems: how to fix them

Priya Nandakumar · Cloud Solutions Lead9 min read

When Microsoft 365 will not let you sign in, almost everything stops at once - email, Teams, files and the apps your business runs on. It is a heart-sink moment, but the causes are a short, well-worn list, and most are fixable without panic. This guide separates the simple password fixes from the security blocks that are working exactly as intended, so you fix the right thing without weakening your defences.

What a Microsoft 365 sign-in checks
4Connectionare you actually online?3Passwordcorrect, current, applied everywhere2MFAapprove on phone - second step1Risk ruleslocation / device - may block

The simple causes first

Most sign-in failures are mundane, and it is worth ruling them out before assuming the worst. Engineers always start here because these account for the bulk of cases.

  • Check the basics of the password: caps lock, the right keyboard layout, and that you are using your work email, not a personal Microsoft account.
  • Confirm you are actually online. If websites will not load, the problem is your connection, not your account - see laptop won't connect to Wi-Fi.
  • Check whether everyone is affected. If colleagues cannot sign in either, it may be a Microsoft service outage rather than your account - in which case the fix is to wait, not to keep trying.
  • Try a different device or a private browser window. If you can sign in elsewhere, the fault is the original device, which narrows it right down.

The password and account-lockout cases

If the basics are fine, the next most common cause is a genuine password problem - forgotten, expired, or recently changed and not updated everywhere. Microsoft 365 passwords can be set to expire, and a changed password that has not been applied on every device leads to repeated failed attempts.

There is an important knock-on effect: too many wrong attempts can temporarily lock the account as a security precaution, so the more you hammer at it, the longer you may be locked out. If you have forgotten the password, use the official reset process rather than guessing repeatedly. And be aware that a single old password lingering on a phone or a desktop app can quietly trigger lockouts again and again, which is why password changes must be applied across every device at once - the same trap that breaks Outlook syncing.

When the block is security doing its job

Some sign-in failures are not faults at all - they are your security working correctly, and trying to 'fix' them by switching protection off is exactly the wrong move. Microsoft 365 deliberately challenges or blocks sign-ins that look risky, and recognising this saves you from undermining your own defences.

The most common example is multi-factor authentication (MFA): after your password, you are asked to approve the sign-in on your phone or enter a code. If you have a new phone, lost the authentication app, or are not receiving the prompt, you are not locked out by a fault - you simply cannot complete the second step, and the answer is to re-register MFA, not remove it. Why this layer matters so much is covered in MFA: why passwords are not enough. Sign-ins can also be blocked by location or device rules - for instance, an attempt from an unexpected country - which is the system protecting you, and a deliberate part of a zero-trust approach.

Sign-in fix and prevention checklist
Microsoft 365 sign-in — control mapBASICCaps lock, work email, keyboard layout checkedCORENETOnline, and not a Microsoft service outageCOREPWDReset password properly, not repeated guessesCOREMFARe-register MFA on a new phone - never remove itCORESUSSuspicious sign-in: change password, tell ITPLUSBKPMFA backup method or recovery codes setPLUSMGRPasswords kept in a password managerOPT

The "suspicious sign-in" you should not ignore

Occasionally the block carries a more serious message - an unusual sign-in attempt, a warning about activity from somewhere unexpected, or a sudden demand to verify your identity. This deserves attention rather than annoyance, because it can mean someone is trying to break into the account.

If that happens, do not simply click through to make it go away. The safe response is to change the password from a device you trust, make sure MFA is switched on, and tell whoever manages your IT - a blocked attacker is a near miss, not a nuisance. Stolen Microsoft 365 logins are among the most common ways UK businesses get breached, which is precisely why these challenges exist, and why protecting that single sign-in sits at the heart of identity and access management. Strong, unique passwords stored in a password manager remove a lot of this risk at a stroke.

Stopping sign-in trouble before it starts

Most recurring sign-in pain is preventable with a little setup, and it is far less stressful than firefighting lockouts. Make sure every user has MFA registered with a backup method (a second device or recovery codes) so a lost phone does not lock them out. Use a password manager so people are not reusing or forgetting credentials. And apply password changes everywhere at once to avoid the silent-lockout trap.

When sign-in problems keep hitting the same people, or spread across the team, the cause is usually configuration - account settings, licensing, or security policies that need a steady hand rather than another reset. That is core to what our identity and access service manages, and the wider Microsoft 365 picture - including licensing lapses that can disable access entirely - is covered in our Microsoft 365 licensing guidance. Getting identity right once means staff stop losing mornings to sign-in screens.

Key takeaways
  • Rule out the simple causes first: the password, your internet connection, a Microsoft outage, or a single faulty device.
  • Repeatedly entering a wrong or old password can lock the account - reset it properly rather than hammering at it.
  • Many 'blocks' are security working correctly, like an MFA prompt you cannot complete - re-register MFA, never remove it.
  • A 'suspicious sign-in' warning is a near miss to act on: change the password from a trusted device and tell your IT support.
  • Prevent it with MFA plus a backup method, a password manager, and applying password changes across every device at once.
Frequently asked

FAQs — Microsoft 365 sign-in problems

Getting back in

I keep getting my Microsoft 365 password rejected even though it looks right - why?

Common causes are caps lock or the wrong keyboard layout, using a personal Microsoft account instead of your work email, or a password that was recently changed and not updated on this device. Repeated wrong attempts can also temporarily lock the account, so use the official password reset rather than guessing again.

I have a new phone and cannot get past the verification step - what do I do?

That is multi-factor authentication, and your new phone is not yet registered to approve sign-ins. You are not locked out by a fault - you need to re-register MFA with the new device, usually with help from whoever manages your IT or via a backup method like recovery codes. Do not try to disable MFA to get around it.

Security and prevention

Microsoft is blocking my sign-in as suspicious - is that a fault?

Usually not - it is the security system protecting your account from what looks like a risky or unrecognised attempt. If it is genuinely you, verify as prompted from a trusted device. If you did not expect it, treat it as a possible break-in attempt: change your password and tell your IT support, because stolen logins are a top way businesses get breached.

How do we stop staff being locked out so often?

Make sure every user has MFA set up with a backup method so a lost phone is not a lockout, use a password manager so credentials are not reused or forgotten, and apply any password change across every device at once. Most recurring lockouts come from old passwords lingering on a single forgotten app.

Related

Got a question this article didn't answer?

One conversation with an engineer who's done this before. No sales script.

Talk to Servnet →