Microsoft 365

User Can’t Receive MFA Requests for Azure AD / Microsoft 365

Was stumpted on this one and had to get advice from Microsoft Support.

A single user couldn’t log in via Multi-Factor Authentication. SMS code would say it was sent, wouldn’t come through. Phone call also wouldn’t come through. Trying to set up another MFA method aka.ms/mfasetup would receive one of these errors:

You are blocked from performing this operation. Please contact your administrator for help.

We’re sorry, we ran into a problem. Please select “Next to try again.

There were zero search results for that first error word for word, which is never a good sign.

There’s several areas you can check for blocked users such as:

https://protection.office.com/restrictedusers

https://protection.office.com/threatincidents

https://portal.azure.com/#blade/Microsoft_AAD_IAM/SecurityMenuBlade/RiskyUsers

But I couldn’t find the user listed in any of those.

After logging a case, Microsoft Support advised to check here:

https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/MultifactorAuthenticationMenuBlade/BlockedUsers/fromProviders/

And of course, that’s where the user was listed. They’d had some suspicious activity (a MFA phone call they didn’t initiate) so chose the option to block future sign in attempts, as you’d hope. This also triggered an email alert to admins, and that link is where the user’s block is listed until released.

What is Microsoft Editor?

Microsoft Editor is a new tool from Microsoft, which I’d never heard of before.

Funnily enough, I found out that Microsoft Editor existed after upgrading to Windows 10 2004. One of the fifteen tips when you ‘See what else is new in this update’ after upgrading is this tip below. I couldn’t really understand what application the tip was referring to – the home tab, in Word, in browser mode via Edge?

Although I then found other tips that seemed purely Office 365 related (like PowerPoint and Excel tips) which is strange to advertise as part of a Windows 10 upgrade, the button on this tip takes you to a page that does a much better job of explaining what it is:

Microsoft Editor checks grammar and more in documents, mail, and the web

Here it explains that Microsoft Editor (which the full name wasn’t mentioned in the tip!) is an optional add-in available for Microsoft Edge and Google Chrome. It’s also coming to Word and Outlook. Also, if you log into it with an account that has a Microsoft 365 subscription, you’ll get advanced grammar and style refinements.

There’s a bit more info about the Microsoft Editor browser extension here, with direct links for the Chrome and Edge add-ons.

Once installed, you’ll have this little icon in the top bar of the relevant browser:

Clicking it will ask you to sign in:

and you can sign in with a free consumer Microsoft account, or a Work account. After signing in, the icon will turn blue, and you can click it again to see your options.

Note that it uses English (United States) as the default language, which you can change by clicking on the current language which takes you to the options:

‘Show synonyms for spelling suggestions’ is also off by default, so I’ve turned that on.

Here’s a spelling correction and a grammar correction while writing this blog post:

Spelling correction
Grammar correction

I’ll have to use it more to see how good it is, but I am happy to see hopefully a useful tool to help everyone write better. If it’s being added into Word and Outlook, there’ll be extremely elevated expectations of this solution doing its job well!

Synology DiskStation Office 365 Backup Review

Synology sent me a new DiskStation to review after I’d acquired an older one myself to look at it’s ability to back up Office 365 data (or Microsoft 365 Data as the Office 365 name seems to disappear). Being a Microsoft MVP in Office Apps and Services category, so I was very interested to see how it worked.

After reading up on and seeing that it was a completely free piece of software available as part of owning a DiskStation, I was hoping this would be a good solution at an incredibly low price – buy your DiskStation and disks, some time to set it up, and you’re done. To me, that’s already a very appealing offering, along with Synology having a good reputation for maintaining and supporting their hardware several years on – which was proved by the 7 year old DS1813+ I set up a few months ago.

I’ve left the new Intel-based DiskStation 1618+ – Quad Core CPU and 4GB RAM (expandable) running for about a month now, backing up my Microsoft 365 tenant’s data. I ticked ALL the options to see how it went. This tenant is just for me, so the data set is smaller than most tenants – but I do run a few live things through it like email and OneDrive. There’s also a little SharePoint Online data from Micrsoft 365 Groups and Teams I’ve played around with.

Here’s what the dashboard looks like now:

Some useful information there around what’s being backed up and how big it is. You might notice there’s a few errors on the summary. I drilled into those and each was because ‘The Microsoft Server is busy’, and a few minutes later it would try again successfully.

This is likely because I used a backup option to get incremental changes, rather than at a set time. Maybe I’m hitting it too much and getting blocked occasionally.


I know I’ve gotten ahead of myself here, so let’s go back to how to set this up. Assuming you have yourself a Synology DiskStation of some sort that supports ‘Active Backup for Office 365‘ – and which models are those? Here’s the list:

  • 20 series:FS6400, FS3600, FS3400, RS820RP+, RS820+, DS920+, DS720+, DS620slim, DS420+, SA3600, SA3400, SA3200D
  • 19 series:RS1619xs+, RS1219+, DS2419+, DS1819+, DS1019+, DVA3219
  • 18 series:FS1018, RS3618xs, RS2818RP+, RS2418RP+, RS2418+, RS818RP+, RS818+, DS3018xs, DS1618+, DS918+, DS718+, DS418play, DS218+
  • 17 series:FS3017, FS2017, RS18017xs+, RS4017xs+, RS3617xs+, RS3617RPxs, RS3617xs, DS3617xs, DS1817+, DS1517+
  • 16 series:RS18016xs+, RS2416RP+, RS2416+, DS916+, DS716+, DS716+II, DS416play, DS216+, DS216+II
  • 15 series:RS815RP+, RS815+, RC18015xs+, DS3615xs, DS2415+, DS1815+, DS1515+, DS415+
  • 14 series:RS3614xs+, RS3614RPxs, RS3614xs, RS2414RP+, RS2414+, RS814RP+, RS814+
  • 13 series:RS10613xs+, RS3413xs+, DS2413+, DS1813+, DS1513+, DS713+
  • 12 series:RS3412RPxs, RS3412xs, RS2212RP+, RS2212+, RS812RP+, RS812+, DS3612xs, DS1812+, DS1512+, DS712+, DS412+
  • 11 series:RS3411RPxs, RS3411xs, RS2211RP+, RS2211+, DS3611xs, DS2411+, DS1511+, DS411+, DS411+II

From the DiskStation desktop, open Package Center and follow these steps:

This was a very easy setup to do – I took screenshots of every step involved, but it barely needs an explanation for anyone who’s an admin of a Microsoft 365 Tenant.

The program will then go off and start backing up what you told it. The ‘Activities’ section of Active Backup for Office 365 will show any backups running, and you can also use the inbuilt ‘Resource Monitor’ to see upload/download speeds, disk utilization etc.

It’s also worth noting that the backup you created has an ‘account discovery’ option where it’ll find any new accounts created and automatically add them to the backup, which is great for not having to change backup settings each time you have a new user start.


Running a backup is great, but how do you restore the data? There’s a second app you’ll need, ‘Active Backup for Office 365 Portal’. Launching this will take you to a web interface where admins can browse all data, and users can browse just their own (user access can be disabled if you prefer).

On this web interface, you can then find the file(s) you want to restore, and restore them. You also get a nice timeline down the bottom so you can move backwards and forwards to see a snapshot of a certain time.

Although Mail, Calendar, Contact, and Site (SharePoint) support searching across all backups for names and contents, at the time of writing this isn’t possible for OneDrive backups. It’s worth being aware of this – if someone requests a file restore you’ll need to know exactly when from. I don’t see this as too much of an issue though, as OneDrive has great version control natively, and an automatic recycle bin – so you’d probably rely on the native solution for finding a file, but still it’s worth knowing this existing limitation.

That was the only slight negative I could find while testing. Everything else just worked, was quick to browse and restore, and incremental backups appeared to be on the DiskStation within several seconds after creating a new file in OneDrive.

Again, this is an incredibly cheap Office 365 backup solution. Some may question if you need to back up Office 365 at all. You could set up infinite retention against all content, so why take a backup? To me it’s a definite grey area, and partly depends how much you value the data. Microsoft may never lose your data, but will it be available 100% of the time? What if that important document is in your OneDrive and hadn’t synced down, and there was an outage? We’ve seen a few outages lately, including ones that have broken authentication – your data is still there, but you can’t get to it. In that scenario, having a local copy of something time sensitive could be worth it. Considering the relative low cost of buying a Synolgoy DiskStation – your disks are probably going to cost more than the unit itself, I consider it a pretty easy sell.

Microsoft Briefing Emails Are Coming

More Microsoft driven emails will be hitting your user’s mailboxes if you’re a Microsoft 365 Customer.

The last ones I wrote about were MyAnalytics, and now we have Microsoft Briefings. The first I heard about this was an admin email I received, which I think is a good idea that Microsoft are following, probably from feedback when they rolled out MyAnalytics and many IT Admins were caught unaware:

So, as you can read above, Microsoft Briefings reads what the users are up to, and presents it to them in hopefully a useful fashion to catch emails they might have missed that sound like they need actioning, will give some ideas on how someone can be more efficient and healthy etc

I received my first email today, and here’s how it looked:

I blurred out the email that I’d already actioned, and marked it as completed. Just like MyAnalytics, these emails are only visible by someone who has access to your mailbox – the emails that turn up don’t traverse the internet like other emails; instead, Microsoft are popping them up straight into the mailbox. You won’t find any mailflow trackings of these.

A user can opt out if they don’t like them, or an admin can follow the documentation to pre-emptively disable this on a user by user basis. There appears to be no org-wide setting to disable, so if you need to disable it, make sure you include it as a provisioning step for new users too. See the update at the bottom of the page.

There’s also a portal users can use to unsubscribe: https://cortana.office.com/

Once the magic Microsoft switch is set to ‘on’ for your tenant, users will get an email every day that they have some sort of content to be in the briefings email – if there’s no content, there’s no email.

Just like MyAnalytics, I recommend communicating this soon to your company that the emails are coming. Some people might not like it, but preparing staff for a something that can help them should help with adoption, rather than an out of the blue starter email.

I’m keen to see how effective the Briefings emails will be and how much value they provide. I think it’s a good idea, and as long as it works as the box describes, should add value for staff at the start of each day to remind them what they’ve got going on, and potentially pick up something they forgot to action.

Update 17th June 2020

Microsoft have listened and acted quickly – you can now toggle this feature on or off at the tenant level. To do so, go to the Microsoft 365 admin center, and under Services > Org settings, the Services tab contains the item ‘Briefing emails (Preview)’. From here, there’s your tickbox to turn it off or on.

Service health dashboard email notifications GA

Email alerts for Microsoft 365 Service Health incidents is now Generally Available! (as fellow MVP Greig Sheridan pointed out, although it’s GA, it’s gradually rolling out from December 2019 to March 2020 – but I already have this in my live tenant) In case you missed this one, there’s now an easy way to configure email alerts to go out when there’s an outage of some sort in the Microsoft 365 space.

Personally I’m used to checking out the portal once I hear about a complaint and seeing what might be broken. Instead, I’ll now see emails to keep across what’s going on in the Microsoft world, as well as have a ticket raised via email to helpdesk, so any potential user affecting outages are identified earlier in the troubleshooting process.

The advisory is MC196504 for those who want to read about it in the ‘Microsoft 365 admin center Message center’, but all you need to do to enable it is:

From the new Microsoft 365 admin center, go to Health > Service Health. Under the All services tab, click the Preferences button:

This will pop out a side window:

From this page, you can enter up to 2 email addresses – so if you want it to go to more than 2 recipients, use a distribution group. You can choose the services you want to receive alerts about (all are ticked by default), and as it will advise when saving, it may take up to 8 hours to apply.

This one’s a pretty simple feature, but one I’m very glad to see. Set it up for yourself today!