I have a staff member who hasn’t been able to access their email for a few days. In O365 their account was blocked for sign-in, so I unblocked it, but then it was blocked again 30 minutes later (and wouldn’t let us sign in anyway). I’m trying to figure out why this user is getting blocked. I see zero login attempts (failed or otherwise) for this user in M365.
OK, while typing this and testing things I finally realized that if I reset his password manually in O365 to match his password in AD, then I could sign in to office.com, but still couldn’t sign in to Outlook Web Access.
I haven’t seen this issue (yet) with anyone else, and we’ve been on O365 for a few years with Directory Sync for just as long. His mailbox is on-prem, but I have other on-prem users that don’t experience this. Any thoughts on how I can track this down?
Now that I’ve un-enforced MFA on his account and logged in successfully to Office.com, I see successful login attempts in the Azure AD Sign-in list.
So I guess my final questions are: how can I troubleshoot why he can’t log in to his mailbox on local AD, and how can I troubleshoot why his password isn’t syncing from AD?