Fast symptom-to-solution mapping prevents extended downtime

Exchange Online Issues: Start from what's broken, resolve in minutes

Jump directly from user-reported symptoms to diagnostic guides and safe remediation. Each path includes business impact assessment, average resolution time (15–30 minutes for common issues), and rollback procedures. Prevent $5K–$50K+ per incident through rapid diagnosis authored by principal engineers. For detailed procedures, see our runbooks and diagnostic guides.

Request Exchange Security Assessment Browse runbooks

Issue library

Symptom → signals → likely cause → production-safe fix. Includes validation and rollback triggers.

Mail flow

Mail not received / NDRs

Signals: 4xx/5xx NDRs, queued inbound mail, TLS handshake failures, spam/transport rule rejects.

  • MX and auth: confirm MX to Microsoft 365; validate SPF/DKIM/DMARC alignment.
  • Connectors: check inbound connector scope, certificate/TLS, and accepted domains.
  • Trace: run message trace, map error codes (5.7.708, 5.7.57, 4.4.62) to actions.
  • Policy: review transport/anti-spam rules and malware actions; retest with controlled sender.
  • Rollback: revert connector or rule changes; keep records of previous config.

Validation: send signed test from external domain; confirm delivery and headers.

Escalate mail flow
Clients

Outlook modern auth prompts

Signals: repeated auth prompts, fallback to basic auth, conditional access failures, or MAPI/HTTP errors.

  • Tenant posture: verify modern auth enabled; disable legacy protocols if unused.
  • Profiles: clear cached creds; create fresh profile; ensure autodiscover resolves cloud endpoint.
  • CA alignment: ensure CA grant/require MFA rules do not conflict with device state.
  • Token health: check sign-in logs for AADSTS errors; remediate device compliance mismatches.

Validation: sign-in via OWA and Outlook; confirm stable token refresh.

Check Autodiscover next
Clients

Autodiscover drift

Signals: profile creation fails, wrong endpoint, SCP override, certificate mismatch.

  • DNS: verify CNAME to autodiscover.outlook.com or SRV fallback; clear stale zones.
  • Hybrid: validate certificates and names on published endpoints; renew misaligned certs.
  • Clients: remove stale SCPs; test with Microsoft Remote Connectivity Analyzer.
  • Namespace: ensure split-brain DNS is consistent; avoid wildcard conflicts.

Validation: new profile resolves Outlook endpoints; connection status shows EXPR.

Stabilize clients
Storage

Mailbox quota blocking mail

Signals: send/receive blocked, quota warnings, Recoverable Items growth, litigation hold constraints.

  • License: increase mailbox size; enable archive and auto-expanding archive.
  • Retention: apply retention and cleanup policies aligned with legal holds.
  • Recoverable Items: clear within hold constraints; monitor growth.

Validation: confirm send/receive resumes; monitor size trend and alerts.

See quota runbook
Performance

Throttling / 429s

Signals: EWS/Graph 429 or 503, slow migrations, stalled mailbox moves, or API backoff headers.

  • Concurrency: distribute workload; follow Microsoft guidance on parallel moves.
  • Backoff: implement exponential backoff and respect Retry-After headers.
  • Scheduling: run heavy jobs in approved windows; monitor Graph and EWS limits.
  • Scope: avoid single service account overuse; rotate with proper throttling policies.

Validation: reduced 429s/503s; stable migration throughput.

Plan migration strategy
Hybrid

Hybrid namespace / HCW fallout

Signals: free/busy failures, wrong routing, hybrid mail flow errors, mismatched namespaces.

  • HCW validation: rerun HCW checks; verify connectors, certs, and accepted domains.
  • Namespace: align internal/external URLs, Autodiscover, and SPF for coexistence.
  • Certificates: validate SANs and expiry; enforce TLS with correct CN/SAN.
  • Routing: confirm transport rules and connectors are scoped correctly.

Validation: free/busy works both ways; mail routes via intended path.

Fix hybrid health

FAQ

Fast answers to unblock triage.

Why is Exchange Online not receiving emails?
Check MX routing to Microsoft 365, inbound connector configuration, and message trace for rejections or throttling. Validate SPF/DKIM and review service health.
How to stop Outlook from repeatedly asking for a password?
Enable modern authentication, clear cached creds, repair the profile, and ensure Conditional Access policies are not conflicting.
How do I fix Autodiscover errors?
Validate Autodiscover DNS, certificates on hybrid endpoints, and test using the Remote Connectivity Analyzer.
What to do when a mailbox quota is exceeded?
Increase quota via licensing, enable archive, apply retention, and clean recoverable items respecting holds.
How to address throttling problems?
Spread load, use backoff, schedule during off-peak, and align with EWS/Graph limits.

Need hands-on remediation?

Engage principal engineers for secure, rollback-ready fixes.

Request Exchange Security Assessment See services Browse troubleshooting guides