What is the Sign-in diagnostic in Microsoft Entra ID?

Determining the reason for a failed sign-in can quickly become a challenging task. You need to analyze what happened during the sign-in attempt, and research the available recommendations to resolve the issue. Ideally, you want to resolve the issue without involving others, such as Microsoft support. If you are in a situation like this, you can use the Sign-in diagnostic in Microsoft Entra ID, a tool that helps you investigate sign-ins in Microsoft Entra ID.

This article gives you an overview of what the Sign-in diagnostic is and how you can use it to troubleshoot sign-in related errors.

Prerequisites

To use the Sign-in diagnostic:

  • You must be signed in as at least a Global Reader.
  • With the correct access level, you can start the Sign-in diagnostic from more than one place.

How does it work?

In Microsoft Entra ID, sign-in attempts are controlled by:

  • Who performed a sign-in attempt.
  • How a sign-in attempt was performed.

For example, you can configure Conditional Access policies that enable administrators to configure all aspects of the tenant when they sign in from the corporate network. But the same user might be blocked when they sign in to the same account from an untrusted network.

Because the system can respond to a sign-in attempt in many different ways, you might end up in scenarios where you need to troubleshoot sign-ins. The Sign-in diagnostic tool enables diagnosis of sign-in issues by:

  • Analyzing data from sign-in events and flagged sign-ins.
  • Displaying information about what happened.
  • Providing recommendations to resolve problems.

From the Sign-in logs

You can start the Sign-in diagnostic from a specific sign-in event in the Sign-in logs. When you start the process from a specific sign-in event, the diagnostics start right away. You aren't prompted to enter details first.

  1. Browse to Identity > Monitoring & health > Sign-in logs and select a sign-in event.

    • You can filter your list to make it easier to find specific sign-in events.
  2. From the Activity Details window that opens, select the Launch the Sign-in diagnostic link.

    Screenshot showing how to launch sign-in diagnostics from Microsoft Entra ID.

  3. Explore the results and take action as necessary.

How to use the diagnostic results

After the Sign-in diagnostic completes its search, a few things appear on the screen:

  • The Authentication summary lists all of the events that match the details you provided.

    • Select the View Columns option in the upper-right corner of the summary to change the columns that appear.
  • The Diagnostic results describe what happened during the sign-in events.

    • Scenarios could include MFA requirements from a Conditional Access policy, sign-in events that might need to have a Conditional Access policy applied, or a large number of failed sign-in attempts over the past 48 hours.

    • Related content and links to troubleshooting tools might be provided.

    • Read through the results to identify any actions that you can take.

    • Because it's not always possible to resolve issues without more help, a recommended step might be to open a support ticket.

      Screenshot of the Diagnostic results for a scenario.

  • Provide feedback on the results to help improve the feature.
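
The scenarios listed under the Diagnostic results can also be checked against exported sign-in log records when you want to review many events at once. The following is an added example, not Microsoft's code and not the diagnostic's own logic; it assumes records that use Microsoft Graph signIn property names, and the failure threshold, scenario labels, and sample records are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(hours=48)   # the 48-hour window named in the article
FAILED_THRESHOLD = 3           # assumption: the article does not define "a large number"

def parse_time(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def failed(rec):
    return rec.get("status", {}).get("errorCode", 0) != 0

def classify(rec):
    """Label one sign-in record with the scenario it most closely matches."""
    for pol in rec.get("appliedConditionalAccessPolicies", []):
        controls = [c.lower() for c in pol.get("enforcedGrantControls", [])]
        if pol.get("result") in ("success", "failure") and "mfa" in controls:
            return "mfa_required_by_policy"
    if failed(rec):
        return "failed_other"
    if rec.get("conditionalAccessStatus") == "notApplied":
        return "no_policy_applied"   # candidate for Conditional Access coverage
    return "success"

def repeated_failures(records, now):
    """Users with at least FAILED_THRESHOLD failed sign-ins inside WINDOW."""
    counts = Counter(
        r["userPrincipalName"] for r in records
        if failed(r) and timedelta(0) <= now - parse_time(r["createdDateTime"]) <= WINDOW
    )
    return {user: n for user, n in counts.items() if n >= FAILED_THRESHOLD}

def rec(upn, when, code, ca_status, policies=()):
    # Hypothetical helper that builds a constructed record for this example.
    return {"userPrincipalName": upn, "createdDateTime": when,
            "status": {"errorCode": code}, "conditionalAccessStatus": ca_status,
            "appliedConditionalAccessPolicies": list(policies)}

MFA_POLICY = {"displayName": "Require MFA (constructed)", "result": "failure",
              "enforcedGrantControls": ["Mfa"]}
NOW = datetime(2024, 5, 3, 12, 0, tzinfo=timezone.utc)
SAMPLE = [  # constructed records, not real tenant data
    rec("alice@contoso.example", "2024-05-03T09:00:00Z", 50076, "failure", [MFA_POLICY]),
    rec("bob@contoso.example", "2024-05-03T10:00:00Z", 0, "notApplied"),
    rec("carol@contoso.example", "2024-05-02T08:00:00Z", 50126, "notApplied"),
    rec("carol@contoso.example", "2024-05-02T08:05:00Z", 50126, "notApplied"),
    rec("carol@contoso.example", "2024-05-03T11:00:00Z", 50126, "notApplied"),
    rec("carol@contoso.example", "2024-04-30T11:00:00Z", 50126, "notApplied"),  # outside window
]
```

Records labeled `no_policy_applied` are successful sign-ins that no Conditional Access policy evaluated, which makes them the first place to look for coverage gaps.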
