Outlook Desktop - Repeated Sign-In Prompt (WAM BrokerPlugin Reset)
Document Type: Known Issue — Workaround
Applies To: Microsoft Outlook Desktop (Classic), Windows 10/11, Microsoft 365 / Exchange Online
Overview
This article documents a workaround for a recurring issue where Outlook Desktop prompts users to sign in repeatedly — as frequently as every 15 minutes to every hour — without retaining the session after completing authentication. This issue can affect individual users or a large number of users simultaneously across an organisation.
The Issue
Users open Outlook and are presented with a "Sign In" prompt unexpectedly. After signing in successfully, the prompt reappears again after a short period. The following self-service steps do not resolve the issue:
- Restarting the laptop or PC
- Signing out of Outlook and signing back in
- Restarting Microsoft Teams or other Office apps
The issue may also surface across other Microsoft 365 services (Teams, OneDrive, SharePoint) simultaneously, as they share the same underlying authentication component.
Root Cause
Modern Microsoft 365 applications do not handle authentication directly. Instead, they delegate all sign-in and token management to a Windows OS component called Web Account Manager (WAM) and its associated background plugin: Microsoft.AAD.BrokerPlugin.
Normal Authentication Flow
User opens Outlook
↓
Outlook requests a token from WAM
↓
WAM calls Microsoft.AAD.BrokerPlugin
↓
Plugin communicates with Microsoft Entra ID
↓
Entra ID returns an OAuth access token (valid ~1 hour)
and a refresh token (valid up to 90 days)
↓
WAM silently refreshes the token in the background
when it expires — user is never prompted again
↓
Outlook requests a token from WAM
↓
WAM calls Microsoft.AAD.BrokerPlugin
↓
Plugin communicates with Microsoft Entra ID
↓
Entra ID returns an OAuth access token (valid ~1 hour)
and a refresh token (valid up to 90 days)
↓
WAM silently refreshes the token in the background
when it expires — user is never prompted again