Microsoft 365 Login Problems? A Complete Diagnosis Guide for Work Accounts

When Microsoft 365 login breaks, it usually breaks everywhere at once. Outlook stops accepting your password. Teams shows a sign-in screen. Word asks for credentials every time you open a document. The frustrating part: the password is almost never the actual problem. Here's the diagnostic tree that gets you back in fast — without spending half a morning guessing.

Why Microsoft 365 sign-in fails in the first place

Microsoft 365 (formerly Office 365) signs you in once and shares that identity across every Office app using tokens. When the sign-in chain breaks, it's almost always one of these six things:

• Your device has lost its trust state with Azure AD.
• A cached credential in Windows is stuck and wrong.
• Your MFA setup needs re-verification (often after an Authenticator reinstall or phone change).
• A Conditional Access policy is silently blocking the sign-in.
• Your account is locked for security reasons.
• The network is intercepting Microsoft's auth endpoints.

Figuring out which one is in play is the whole job. Work through the steps below in order — they're sequenced so you rule out the cheap fixes first.

Step 1: Prove the account itself works (30-second test)

Before assuming Office is broken, confirm the credentials work somewhere. Open a browser and go to:

https://outlook.office.com

Sign in there. One of three things happens:

• You're in. The account and password are fine. The problem is on your device or in a desktop app. Continue to Step 2.
• "Incorrect password." Reset at passwordreset.microsoftonline.com (or ask IT to reset for you, depending on your org's setup).
• Blocked at MFA. Your second factor isn't working. Use the "I can't access my authenticator" link to enroll a new one, or contact your IT admin to reset MFA.

That single test rules out an entire category of possible causes. Don't skip it.

Step 2: Wipe cached Office credentials

If browser sign-in works but desktop apps don't, the cached tokens on your machine are the issue. This is the most reliable single fix for Microsoft 365 sign-in trouble.

1. Close every Office app — Outlook, Word, Excel, PowerPoint, Teams. Check Task Manager and end any leftover background processes.
2. Open Control Panel → User Accounts → Credential Manager.
3. Click Windows Credentials.
4. Delete entries starting with:
   • MicrosoftOffice16_Data:
   • MS.Outlook
   • MicrosoftOfficeIdentity
   • Your email address
5. Also check Generic Credentials — newer Office builds occasionally put entries there instead.
6. Restart the PC.
7. Open Word, sign in fresh, complete any MFA prompts. Outlook and Teams pick up the new identity automatically.

Step 3: Sign out of Office and back in once, everywhere

Office shares one identity across all apps. A clean sign-out resets every app at the same time.

1. Open Word.
2. Click File → Account → Sign out.
3. Close every Office app and Teams.
4. Reopen Word, sign in.
5. Open Outlook and Teams — they sync the new identity without re-prompting.

Step 4: Check device trust with dsregcmd

For corporate machines joined to Azure AD, your device has its own identity registered with the cloud. If that registration has broken, tokens can't refresh because the device can't prove it's still itself.

Open Command Prompt as administrator and run:

dsregcmd /status

Look for these lines in the output:

• AzureAdJoined : YES — the device is registered with Azure AD.
• Under SSO State: AzureAdPrt : YES — there's a valid primary refresh token.

If AzureAdPrt says NO, that's why apps keep re-prompting. To force a fresh PRT:

1. Open Settings → Accounts → Access work or school.
2. Click your work account → Info.
3. Click Sync at the top.
4. If that doesn't help: scroll to the bottom of the same screen, click Sign out on the work account specifically (not the whole device).
5. Restart Windows. Sign back in.

That regenerates the device-to-Azure trust from scratch. Run dsregcmd /status again to confirm.

Step 5: Quick Repair of Office

If credentials and trust are both clean and sign-in still fails, the Office installation might be the issue.

1. Open Settings → Apps → Installed apps.
2. Find Microsoft 365 or Microsoft Office.
3. Click the three-dot menu → Modify.
4. Choose Quick Repair. 2–5 minutes.
5. If sign-in still fails, repeat with Online Repair. That downloads a fresh Office install — about 30 minutes — and fixes things Quick Repair misses.

Documents and settings are not affected by either.

Step 6: Test on a different network

Corporate networks sometimes inspect HTTPS traffic for security. When they do, Office often refuses to sign in because the certificate it sees doesn't match what it expects.

Quick test: switch to your phone's hotspot or any non-work network, then try sign-in. If it works on the hotspot but not on the office Wi-Fi, ask IT to whitelist these endpoints from SSL inspection:

• login.microsoftonline.com
• autodiscover.outlook.com
• outlook.office365.com
• *.officeapps.live.com

Step 7: Have IT check the Azure AD sign-in logs

This needs admin access. The Azure AD sign-in logs show every authentication attempt for your account with the exact reason it failed:

• "Conditional Access requires multi-factor authentication" — MFA isn't completing for some reason.
• "Device is not compliant" — your device has fallen out of Intune compliance.
• "User account is locked" — too many failed attempts; usually self-clears in 30 minutes.
• "Sign-in was blocked by risk policy" — Microsoft's risk engine flagged the attempt; admin can unblock.

That one piece of information turns a vague "I can't sign in" into a precise fix. The 10 minutes IT spends checking the log saves you a day of guessing — make sure you ask for it instead of just describing the symptom.

Common error codes and what they actually mean

• AADSTS50034 — User doesn't exist in this directory. Typo, or you're signing into the wrong tenant.
• AADSTS50058 — Token expired and silent refresh failed. Clear Credential Manager (Step 2).
• AADSTS50053 — Account locked due to too many failed sign-ins. Wait 30 minutes.
• AADSTS50076 — MFA required but not satisfied. Re-enroll the authenticator.
• AADSTS53003 — Blocked by Conditional Access policy. IT investigates.
• AADSTS50126 — Wrong username or password. Confirm the username first; sometimes people sign in with the wrong UPN.
• AADSTS70044 — Sign-in session expired; re-sign-in needed.

Last resort: new Windows profile

If everything above fails, the Windows profile itself is probably corrupted. Create a new local user account, sign in as that user, and try Office. If it works, copy your data across and use the new profile going forward.

The short version

Clear cached credentials, sign out of Office and back in, run dsregcmd /status to verify device trust, Quick Repair Office. Eight out of ten cases resolve in the first two steps. Save this article — next time a colleague says "Office 365 isn't letting me sign in," you can walk them through it in five minutes.