The 11 PM email crisis
It's 11 PM. You have a contract that needs to be signed and emailed by 7 AM. Or your overnight team can't access their shared mailbox. Or Microsoft Teams just went dark in the middle of a critical project channel.
The instinct is to call Microsoft. That will not help you tonight.
The second instinct is to assume it's a widespread Microsoft outage and wait it out. That's often wrong too — most M365 failures small businesses experience are tenant-side, not Microsoft-side, and they're fixable tonight.
This guide walks through the diagnostic steps that determine which problem you actually have, and what to do about each one.
First: Is it Microsoft or is it you?
This is the most important question, and it has a concrete answer.
Check the Microsoft Service Health Dashboard:
- Go to status.microsoft.com — this is the public-facing status page. It shows current incidents across all Microsoft services.
- If you're an admin: log in to admin.microsoft.com, navigate to Health → Service health. This gives you more granular incident details, including your specific tenant geography.
Interpret what you find:
- A listed, active incident affecting your service: This is a real Microsoft outage. There's nothing you can fix. The question becomes: what workarounds minimize the impact until service restores?
- No active incidents listed: The problem is almost certainly on your side — tenant configuration, licensing, a recent change, or a client-side issue.
- An incident listed but marked as "Monitoring" or recently resolved: You may be in the trailing edge of a now-resolved incident. Wait 15–20 minutes, then test again.
Secondary check — is anyone else affected?
Use downdetector.com for Microsoft 365 to see real-time user reports. If there's a spike in reports in the past 30 minutes, you're likely in a real outage. If reports are flat, the problem is yours.
Tenant-side vs. Microsoft-side: the diagnostic flowchart
If Microsoft's status page shows green across the board, work through this in order:
Step 1: Can you access the M365 admin center?
Go to admin.microsoft.com from a web browser. If you can't log in at all, it's either: - A credential problem (wrong password, MFA misconfiguration) - An account that's been locked or disabled - A browser cache or cookie issue (try an incognito window or different browser)
If the admin center loads and shows your tenant is healthy, the problem is narrower than a full M365 outage.
Step 2: Can affected users access portal.office.com directly?
If Outlook desktop or the Teams app isn't working, the first diagnostic is always: "Does the web version work?"
- Web works, desktop doesn't: This is a client-side problem — Outlook profile corruption, cached credentials, client software issue, or a network proxy issue on that specific machine.
- Web doesn't work either: Move to Step 3.
Step 3: Is it affecting all users or specific users?
- All users affected: Likely a tenant-wide issue — licensing lapse, domain verification problem, or an admin-made configuration change.
- Specific users affected: User-level issues — disabled account, licensing not assigned, mailbox-specific corruption.
Step 4: Check license status
In the admin center: Billing → Licenses. If your subscription lapsed (billing failure, credit card update needed), services will stop working. This is more common than you'd expect — automatic billing failures are one of the top causes of sudden M365 outages for small businesses.
Step 5: Check recent admin activity
In the admin center: Health → Message center shows recent Microsoft-pushed changes. Compliance → Audit log shows what admin actions were taken in the past 24–72 hours. If someone changed a policy, conditional access rule, or security setting recently, that's likely your cause.
Common after-hours M365 failures and what fixes them
Email not sending or receiving (Outlook/Exchange Online)
Most common causes: - Mailbox over quota (Exchange Online Basic plans have 50 GB; older plans less) - MX record misconfiguration or recent DNS change - Transport rule blocking messages - Sender Policy Framework (SPF) / DKIM failures causing bounces
Quick diagnostics: - Check mail flow in admin center: Exchange admin center → Mail flow → Message trace - Check if your domain's MX record points to Microsoft: use mxtoolbox.com to verify
Teams not working (can't connect, messages not sending)
Most common causes: - Client-side cached credential issue - Conditional Access policy blocking the device - Network firewall or proxy blocking Teams endpoints - Teams admin policy restricting the user
Quick fix for most client-side Teams failures: 1. Clear the Teams cache: close Teams, delete the contents of %appdata%\Microsoft\Teams (Windows) or ~/Library/Application Support/Microsoft/Teams (Mac), relaunch. 2. If that doesn't work, sign out and sign back in. 3. If specific to one machine, try the Teams web app at teams.microsoft.com — if that works, it's purely client-side.
SharePoint / OneDrive sync failures
Most common causes: - Sync client conflict - Storage quota exceeded - Sensitivity label or information protection policy applied recently
Quick fix: Pause and resume sync in the OneDrive client. If files show "sync pending" for more than a few minutes, check for conflicting files (files with (conflicted copy) in the name) and resolve them.
Multi-Factor Authentication failures (users can't log in)
Most common causes: - User changed or lost their MFA device - MFA method (authenticator app, phone number) is no longer accessible - Conditional Access policy added a new MFA requirement - Microsoft Authenticator app issue
Emergency admin action: In the admin center, navigate to the specific user → Authentication methods → Manage authentication methods. Admins can add or remove MFA methods directly. For a user locked out entirely, temporarily disable MFA on their account, let them sign in, then re-enable and reconfigure.
Workarounds for real Microsoft outages
When status.microsoft.com shows an active incident, your options are limited for the core service. But there are almost always workarounds:
Exchange Online is down — email workarounds
- IMAP fallback: If your organization uses a secondary email provider or if you have email configured on a mobile device with a different sync method, those may still function
- SMS or Teams (if working): Route urgent communications through alternate channels
- Web access from different geography: Azure services occasionally fail regionally; try accessing from a mobile device on cellular (different ISP/routing) to determine if it's geographic
Teams is down — communication workarounds
- SMS / phone: For critical communications, revert to voice
- Email (if working): Use Outlook directly
- Slack, Google Chat, or any secondary chat tool if your organization has one installed
SharePoint / OneDrive is down — file access workarounds
- Locally cached files: OneDrive keeps a local cache; recent files may be accessible even if sync is down
- Email attachments of critical files sent earlier may be accessible in email
- VPN + file server: If you have an on-premises file server or NAS as a backup file repository, this is when it earns its keep
The M365 admin skills gap in small businesses
Here's an uncomfortable truth: most small businesses have no one who knows how to use the M365 admin center effectively. The platform was built for enterprise IT administrators with dedicated time and training. For a 20-person professional services firm or a restaurant group, the admin center is a foreign interface that gets visited only in emergencies.
This creates a specific vulnerability: when something goes wrong, the person who needs to diagnose and fix it doesn't have the background to navigate the admin tooling effectively. They're reading support articles, getting lost in the interface, and burning time.
An experienced engineer who lives in M365 admin tooling can diagnose most tenant-side issues in 15–20 minutes. The same diagnostic process takes 2–4 hours for someone without that background, and often ends without a resolution.
After-hours M365 support isn't just about having someone available. It's about having someone who knows the system well enough to fix it fast.
Prevention: configuration changes that eliminate most common M365 failures
The majority of after-hours M365 failures are preventable. These are the five highest-impact preventive measures:
1. Configure billing alerts
Set up billing alerts so that you're notified before a subscription lapses — not after. Admin center → Billing → Billing notifications. Add multiple contacts including someone who will see it on their phone at night.
2. Implement break-glass admin accounts
A "break-glass" account is an emergency admin account that is: - Not subject to Conditional Access policies - Uses email/password with MFA backup code (not app-based MFA) - Stored securely and used only in emergencies
This ensures that if your primary admin account is locked out, you have a path back in.
3. Set up service health email alerts
Admin center → Health → Service health → Preferences — enable email notifications for service incidents. This sends you a notification when Microsoft has an outage affecting your tenant, so you know before users start complaining.
4. Document your current configuration
Keep a record of: - Your domain and MX record settings - Which Conditional Access policies are active and what they require - Which users have admin rights - Your MFA settings and methods per user
This documentation is invaluable during an incident when you need to compare current state vs. expected state.
5. Test MFA recovery for all admin accounts quarterly
MFA lockouts are one of the most disruptive after-hours failures because they block the person who could otherwise fix everything else. Test that your break-glass account works, and that at least two administrators have working MFA methods, every 90 days.