Unable to sign into M365 desktop applications
Incident Report for AppRiver
Resolved
Advisory information
Title: Some users may be unable to sign into Microsoft 365 desktop applications and encounter errors
ID: MO414814

Status
Service Restored

Affected Services
Microsoft 365 suiteMicrosoft 365 suite, Microsoft 365 suite

Details
Title: Some users may be unable to sign into Microsoft 365 desktop applications and encounter errors

User Impact: Users may have been unable to sign into Microsoft 365 desktop applications and encounter errors.

More info: Microsoft 365 applications on the web and mobile apps were unaffected by this issue.

This issue only affected Windows devices. Users on an affected Windows device saw a Microsoft 365 desktop application window either close abruptly or never open with no error message or pop-up displayed to the user. In other scenarios some users saw 'Need Password' or 'There is a problem with your account' due to this issue. Impacted users were unable to connect to the affected desktop app even after attempting to login via the credential prompt, performing an app restart, or a device restart.

Affected desktop client applications on Windows devices include the following:
- Microsoft Teams
- Microsoft Outlook
- OneDrive for Business
- Microsoft Excel
- Microsoft PowerPoint
- Microsoft Word
- Microsoft OneNote

Tenable/Nessus (a third-party provider) has published more information and customer guidance in partnership with our engineering teams on a fix for this issue. Please follow the instructions in this article to mitigate the impact caused by this incident:

https://link.edgepilot.com/s/33f63c0b/QcP1-UGt-UKGYXwMeyGNnw?u=https://community.tenable.com/s/article/Plugin-Updates-to-Address-Windows-Scan-Targets-being-left-unable-to-connect-to-Azure-Active-Directory-AAD

Microsoft has published a supplementary article detailing additional guidance that users may implement to resolve the issue for their affected users at scale or on a device-by-device basis:

https://link.edgepilot.com/s/14f7865e/dl9UaYqmskSf8HM2jgwygw?u=https://docs.microsoft.com/en-us/microsoft-365/troubleshoot/authentication/unable-sign-in-m365-desktop-apps

In our investigation into this issue, impacted customers have been running the Tenable/Nessus plugin identified in the article. Tenable is a remote scanning tool that can be configured to run on your network for devices with Windows machines connected to Azure Active Directory (AAD). The Tenable/Nessus plugin identified in the article can be run via this remote scanner and may not be present or discoverable on each endpoint. Therefore, end users and admins may be unaware that their organization is leveraging Tenable for vulnerability management.

If you think your organization has affected users, please contact your enterprise IT department to determine whether Tenable is in use. If, after investigating, your organization has confirmed that they are not using the affected Tenable plugin in your environment, then you are not impacted by this event. We recommend your organization follow existing support escalation paths to address those concerns as an unrelated issue.

Final status: The Windows Troubleshooter fix has saturated across the affected environments, and organizations that have Windows Troubleshooter enabled are receiving the fix automatically. Organizations that have disabled Windows Troubleshooter either by Group policy or via Microsoft Endpoint Manager (MDM) will not receive the solution automatically and can resolve the issue by following the steps outlined in the “More info” section of this message. We understand the impact this issue has had on users in affected organizations and, in some scenarios, continues to have on some users. We encourage those users and admins for whom the remediation steps described above are not viable to reach out to Microsoft support for further assistance.

Scope of impact: The issue potentially impacted users who were attempting to sign into Microsoft 365 desktop applications and had the affected Tenable plugin running.
Root cause: A web account manager plugin that facilitates desktop application authentication becomes uninstalled on the affected user devices as an unintended side-effect, as described in the Tenable article linked above.

The Microsoft team
Posted Sep 12, 2022 - 11:38 CDT
Update
August 25, 2022 1:58 PM
Title: Some users may be unable to sign into Microsoft 365 desktop applications and encounter errors

User Impact: Users may be unable to sign into Microsoft 365 desktop applications and encounter errors.

More info: Microsoft 365 applications on the web and mobile apps are unaffected by this issue.

Users on an affected device may see a Microsoft 365 desktop application window either close abruptly or never open with no error message or pop-up displayed to the user. In other scenarios some users will see 'Need Password' or 'There is a problem with your account' due to the issue. Impacted users are unable to connect to the affected desktop app even after attempting to login via the credential prompt, performing an app restart, or a device restart.

Affected desktop applications include the following:
- Microsoft Teams desktop app
- Microsoft Outlook desktop app
- OneDrive for Business desktop app
- Microsoft Excel desktop app
- Microsoft PowerPoint desktop app
- Microsoft Word desktop app
- Microsoft OneNote desktop app

Some affected customers have reported they are not running Tenable. However, in our investigation into this issue, impacted customers have been running the Tenable/Nessus plugin identified in the article. Tenable is a remote scanning tool that can be configured to run on your network for devices with Windows machines connected to Azure Active Directory (AAD). The Tenable plugin may not be present or discoverable on each endpoint. Please contact your enterprise IT department to determine whether Tenable is in use.

Tenable/Nessus (a third-party provider) has published guidance in partnership with our engineering teams on a fix for this issue. The details of which are published in the Tenable knowledge base article below. Please follow the instructions in this article to mitigate the impact caused by this incident:

https://community.tenable.com/s/article/Plugin-Updates-to-Address-Windows-Scan-Targets-being-left-unable-to-connect-to-Azure-Active-Directory-AAD
We have published a supplementary article detailing additional guidance that users may implement to resolve the issue for their affected users at scale or on a device-by-device basis:
https://docs.microsoft.com/en-us/microsoft-365/troubleshoot/authentication/unable-sign-in-m365-desktop-apps

Current status: The Windows Troubleshoot has reached all known affected devices and our initial telemetry shows that this is successful in mitigating the issue for users in tandem with both the primary Tenable/Nessus guidance and supplementary steps provided within our own documentation. We will continue monitoring the effectiveness of these steps as the number of affected devices decreases within the environment.
Scope of impact: The issue may potentially impact users who are attempting to sign into Microsoft 365 desktop applications and have the affected plugin running.

Root cause: Our root cause investigation has concluded. A web account manager plugin that facilitates desktop application authentication becomes uninstalled on the affected user devices as an unintended side-effect as described in the Tenable article.

Next update by: We will update the communication pending additional information by either Tenable or Microsoft.
Posted Aug 25, 2022 - 14:37 CDT
Update
Title: Some users may be unable to sign into Microsoft 365 desktop applications and encounter errors

User Impact: Users may be unable to sign into Microsoft 365 desktop applications and encounter errors.

More info: Microsoft 365 applications on the web and mobile apps are unaffected by this issue.

Users on an affected device may see a Microsoft 365 desktop application window either closed abruptly or never opened with no error message or pop-up displayed to the user. In other scenarios some users will see 'Need Password' or 'There is a problem with your account' due to the issue. Impacted users would be unable to connect to the affected desktop app even after attempting to login via the credential prompt, performing an app restart, or a device restart.

Affected desktop applications include the following:
- Microsoft Teams desktop app
- Microsoft Outlook desktop app
- OneDrive for Business desktop app
- Microsoft Excel desktop app
- Microsoft PowerPoint desktop app
- Microsoft Word desktop app
- Microsoft OneNote desktop app

As a potential temporary mitigation, admins can also work with Support to check if the affected plugin is installed, and if it's not installed, work with Support to run the following "get-appxpackage" PowerShell command in user context:
Get-AppxPackage -Name "Microsoft.AAD.BrokerPlugin"

If the above package is missing nothing will be returned.
To reinstall the package run the below:
Add-AppxPackage -Register "C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Appxmanifest.xml" -DisableDevelopmentMode -ForceApplicationShutdown.

Please note that depending on device access management settings from your organization, the re-install package may need to be run as the logged-on user with elevated admin rights. To do this, an organization's IT admin would temporarily add the user to the local administrator group on the device (if appropriate). This can be done by going to the Local User Management window.

Some customers have reported the temporary mitigation steps may need to be repeated for an affected user after some time.

Current Status: We're monitoring the performance of our additional mitigations in partnership with reporting customers. Test results have been positive, and we believe we have made significant progress since our last update. If we determine that the provided workaround with reporting customers continues to be effective, we'll update this communication with more actionable details regarding those mitigations. We understand the urgency in resolving this issue and we continue to troubleshoot this incident at the highest priority.

Scope of impact: The issue may potentially impact some users who are attempting to sign into Microsoft 365 desktop applications and are served through the affected infrastructure.

Root cause: A web account manager plugin that facilitates desktop application authentication isn't installed on the affected user devices. Our investigation continues to progress into the underlying root cause of the given scenario.

Next update by: Monday, August 22, 2022, 11:30 AM (4:30 PM UTC)
Posted Aug 22, 2022 - 06:30 CDT
Update
Some users may be unable to sign into Microsoft 365 desktop applications and encounter errors
MO414814

August 19, 2022 2:29 PM

Title: Some users may be unable to sign into Microsoft 365 desktop applications and encounter errors

User Impact: Users may be unable to sign into Microsoft 365 desktop applications and encounter errors.

More info: Multiple Microsoft 365 desktop applications are impacted, including the following:

- Microsoft Teams desktop app

- Microsoft Outlook desktop app

- OneDrive for Business desktop app

- Microsoft Excel desktop app

- Microsoft PowerPoint desktop app

- Microsoft Word desktop app

While we’re focused on remediation, users can sign into the web, mobile, or both applications.

Admins can also work with Support to check if the affected plugin is installed, and if it's not installed, work with Support to run the following "get-appxpackage" PowerShell command in user context:Get-AppxPackage -Name "Microsoft.AAD.BrokerPlugin"

If the package is missing nothing will be returned.

To reinstall the package run:Add-AppxPackage -Register "C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Appxmanifest.xml" -DisableDevelopmentMode -ForceApplicationShutdown.

Please note that this may need to be run as the logged on user with elevated admin rights. To do this, an organization's IT admin needs to add the user to the local administrator group on the device. This can be done by going to the Local User Management window.

Some customers have reported the temporary mitigation steps may need to be repeated for an affected user after some time.

Current status: Through our review of the gathered diagnostic data, we’ve eliminated several potential causes of this issue and are making progress toward a viable mitigation strategy. Our efforts to review file handle tables from within the Kernel Dump logs are ongoing. Furthermore, we're continuing to collaborate with impacted customers to run process monitoring tasks to assist in isolating the source of the issue, and we've recently developed additional monitoring tools to aid in this effort.

Scope of impact: The issue may potentially impact some users who are attempting to sign into Microsoft 365 desktop applications and are served through the affected infrastructure.

Root cause: A web account manager plugin that facilitates desktop application authentication isn't installed on the affected user devices.
Posted Aug 19, 2022 - 14:59 CDT
Identified
Some users may be unable to sign into Microsoft 365 desktop applications and encounter errors
MO414814

August 19, 2022 11:51 AM · Quick update

We continue to review Kernel Crash Dumps and DiagTrack logging to assist in identifying which service or process is holding a lock on a metadata folder. This quick update is designed to give the latest information on this issue.
Posted Aug 19, 2022 - 11:59 CDT
Investigating
Some users may be unable to sign into Microsoft 365 desktop applications and encounter errors

MO414814, Last updated: August 19, 2022 1:19 AM

Estimated start time: August 16, 2022 6:46 PM

Affected services
Exchange Online, Microsoft 365 Apps, Microsoft 365 suite, Microsoft Teams, OneDrive for Business

Issue type
Incident

Issue origin
Microsoft

Status
Service degradation

User impact

Users may be unable to sign into Microsoft 365 desktop applications and encounter errors.

All updates

August 19, 2022 1:19 AM

Title: Some users may be unable to sign into Microsoft 365 desktop applications and encounter errors User Impact: Users may be unable to sign into Microsoft 365 desktop applications and encounter errors. More info: Multiple Microsoft 365 desktop applications are impacted, including the following: - Microsoft Teams desktop app - Microsoft Outlook desktop app - OneDrive for Business desktop app - Microsoft Excel desktop app - Microsoft PowerPoint desktop app - Microsoft Word desktop app While we’re focused on remediation, users can sign into the web, mobile, or both applications. Admins can also work with Support to check if the affected plugin is installed, and if it's not installed, work with Support to run the following "get-appxpackage" PowerShell command in user context:Get-AppxPackage -Name "Microsoft.AAD.BrokerPlugin" If the package is missing nothing will be returned. To reinstall the package run:Add-AppxPackage -Register "C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Appxmanifest.xml" -DisableDevelopmentMode -ForceApplicationShutdown. Some customers have reported the temporary mitigation steps may need to be repeated for an affected user after some time. Current status: We're continuing to treat this incident with the highest urgency and priority. We will continue actively monitoring the situation overnight while we're pursuing the root cause and making progress on remediation options. Scope of impact: The issue may potentially impact some users who are attempting to sign into Microsoft 365 desktop applications and are served through the affected infrastructure. Root cause: A web account manager plugin that facilitates desktop application authentication isn't installed on the affected user devices. Next update by: Friday, August 19, 2022, 12:00 PM (5:00 PM UTC)
Posted Aug 19, 2022 - 08:39 CDT
This incident affected: Office 365.