Identify exposure in 30 minutes

Exchange Online diagnostic checklist: Prevent audit findings and outages

Complete this 40+ item checklist to identify configuration gaps, security misconfigurations, and hidden threats before they trigger audit findings or user impact. Covers mail flow, Outlook connectivity, hybrid coexistence, access control, and threat indicators. Download as PDF for offline incident use. After completing: Schedule a security assessment to get remediation plan and compliance validation.

Request Exchange Security Assessment

1. General information

Collect this before any troubleshooting step.

Tenant domain: Note your onmicrosoft.com domain

Scope of impact: Single user, department, or organization-wide?

Timeline: When did the issue start? Any recent changes?

Error messages: Capture exact NDR codes, error text, or client prompts

Support reference: Any existing ticket IDs or case numbers?

4. Hybrid & mailbox move issues

Use this checklist for namespace, HCW, or migration problems.

Hybrid pre-checks

Run Hybrid Configuration Wizard (HCW) validation report

Review HCW error messages and any prerequisites unmet

Namespace & DNS

Verify split DNS is correctly configured (internal vs. external)

Confirm Autodiscover.company.com CNAME points to autodiscover.outlook.com

Check SRV records for _autodiscover._tcp.company.com

Mailbox moves

Monitor 429 throttling errors during migrations; check move statistics

Verify service account permissions (Manage Migration, MailboxMove roles)

Review migration batch size and concurrency settings

5. Security & compliance checks

Use this checklist for security events, policy violations, or compliance audits.

SPF/DKIM/DMARC: Verify authentication alignment across all sending domains

Connector TLS: Confirm TLS is enforced for inbound/outbound connectors

Anti-phish & anti-spam: Review Defender for Office 365 policies and quarantine

DLP policies: Check if policies are blocking legitimate mail

MFA enforcement: Verify MFA is enabled for all privileged accounts

Audit logs: Enable and review mailbox/admin audit logs for suspicious activity

6. Performance & quota issues

Use this checklist for slow performance, quota limits, or throttling.

Mailbox size: Check user's mailbox size vs. license quota (100 GB for most licenses)

Archive status: Confirm archive mailbox is enabled and working if near quota

Recoverable Items: Check size; may need purging within compliance constraints

Throttling / 429 errors: Check if batch operations are hitting Graph/EWS limits

Network/client: Run speed tests; check for high latency or packet loss

Next steps

Once you've completed your diagnostic, share with principal engineers for expert guidance.

Compile your findings

Gather all checked items, error messages, and key findings into a summary.

Submit to ExchangeGuardians

Get a principal response

We'll provide a root-cause analysis, production-safe fix steps, and rollback plan within 2 hours.

Request Exchange Security Assessment Browse runbooks Back home

Exchange Online diagnostic checklist: Prevent audit findings and outages

1. General information

2. Mail flow issues

Mail flow pre-checks

Inbound mail

Outbound mail

3. Outlook client issues

Outlook pre-checks

Authentication & sign-in

Autodiscover & connectivity

Outlook profiles