Skip to main content

Outlook Desktop - Repeated Sign-In Prompt (WAM BrokerPlugin Reset)

Document Type: Known Issue — Workaround
Applies To: Microsoft Outlook Desktop (Classic), Windows 10/11, Microsoft 365 / Exchange Online

Overview
This article documents a workaround for a recurring issue where Outlook Desktop prompts users to sign in repeatedly — as frequently as every 15 minutes to every hour — without retaining the session after completing authentication. This issue can affect individual users or a large number of users simultaneously across an organisation.

The Issue

Users open Outlook and are presented with a "Sign In" prompt unexpectedly. After signing in successfully, the prompt reappears again after a short period. The following self-service steps do not resolve the issue:

  • Restarting the laptop or PC
  • Signing out of Outlook and signing back in
  • Restarting Microsoft Teams or other Office apps

The issue may also surface across other Microsoft 365 services (Teams, OneDrive, SharePoint) simultaneously, as they share the same underlying authentication component.

Root Cause

Modern Microsoft 365 applications do not handle authentication directly. Instead, they delegate all sign-in and token management to a Windows OS component called Web Account Manager (WAM) and its associated background plugin: Microsoft.AAD.BrokerPlugin.

Normal Authentication Flow

User opens Outlook
       ↓
Outlook requests a token from WAM
       ↓
WAM calls Microsoft.AAD.BrokerPlugin
       ↓
Plugin communicates with Microsoft Entra ID
       ↓
Entra ID returns an OAuth access token (valid ~1 hour)
       and a refresh token (valid up to 90 days)
       ↓
WAM silently refreshes the token in the background
when it expires — user is never prompted again

User opens Outlook
       ↓
Outlook requests a token from WAM
       ↓
WAM calls Microsoft.AAD.BrokerPlugin
       ↓
Plugin communicates with Microsoft Entra ID
       ↓
Entra ID returns an OAuth access token (valid ~1 hour)
       and a refresh token (valid up to 90 days)
       ↓
WAM silently refreshes the token in the background
when it expires — user is never prompted again

What Breaks the Flow

When the Microsoft.AAD.BrokerPlugin folder becomes corrupted or enters a broken state, the silent background refresh fails. When the 1-hour access token expires, Outlook falls back to prompting the user because WAM cannot silently obtain a new one.

Known Triggers

This corruption can occur due to, but is not limited to:

    Windows OS cumulative/security updates (confirmed trigger — February 2026 Patch Tuesday, build 10.0.29510.1001 and earlier — January 2026 KB5074109)

    Incomplete or interrupted Microsoft 365 app updates

    User profile corruption

    Mid-session password or MFA changes in Entra ID

    Entra ID token store inconsistencies after account modifications

     

    This workaround applies to all of the above scenarios. If a user is experiencing the repeated Outlook sign-in prompt and no Conditional Access policy or service health incident is identified as the cause, resetting the BrokerPlugin is the recommended first-line fix.

    Back to top