KB5079473 Update Breaks Microsoft Account Sign-ins on Windows 11

Overview of KB5079473 Sign-in Failures

Microsoft has officially acknowledged a widespread issue where the March 2024 cumulative update for Windows 11, specifically identified as KB5079473, is causing significant disruption to Microsoft account (MSA) authentication. According to BleepingComputer, users are finding themselves unable to sign into critical productivity applications such as Microsoft Teams, OneDrive, and Outlook after installing the update. This issue primarily impacts systems running Windows 11 versions 22H2 and 23H2.

While this is categorized as a quality-of-life and usability defect rather than a specific security CVE, the operational impact is severe for organizations that rely on cloud-integrated services. The SOC and help desk teams have reported a surge in tickets related to ‘0x80070005’ errors, which typically indicate an access-denied state during the token acquisition process.

Technical Analysis of Authentication Issues

The root cause appears to involve a failure in the Microsoft Account Sign-in Assistant or the underlying identity provider (IdP) services on the local machine. When a user attempts to launch an application requiring authentication, the system fails to refresh or validate the user’s session token. In many cases, the application displays a generic ‘Something went wrong’ message, or prompts the user to sign in repeatedly in an infinite loop.

The KB5079473 Windows 11 update impact extends beyond just third-party applications, affecting first-party OS components like the Microsoft Store and the Windows ‘Your Phone’ integration. From a technical standpoint, the error code 0x80070005 suggests that the update may have inadvertently modified permissions on the folders where the Web Account Manager (WAM) or the Microsoft.AAD.BrokerPlugin stores temporary authentication artifacts. This prevents the system from reading the necessary identity secrets to establish a secure session.

Identifying and Remediating the Microsoft Teams sign-in error March 2024 update

For administrators monitoring their environment via a SIEM or endpoint management tool, identifying affected machines is the first priority. Look for event logs indicating failed authentication requests specifically following the installation timestamp of KB5079473. Because this issue can manifest as a pop-up prompt, it is vital that users do not mistake these legitimate (albeit broken) system prompts for Phishing attempts, which could lead to further credential risk if users attempt to input passwords into non-standard interfaces in an attempt to fix the problem themselves.

To address the issue, Microsoft recommends a few workarounds. For some users, signing out of the Microsoft account entirely through the Windows Settings menu and then signing back in can re-trigger the token generation process. However, in enterprise environments where Zero Trust principles are enforced, these manual overrides may be blocked by conditional access policies if the device state is perceived as ‘unhealthy’ due to the update.

If manual re-authentication fails, the most reliable method for how to fix KB5079473 sign-in issues is to uninstall the cumulative update. This can be performed via the ‘Uninstall updates’ section in the Windows Update settings or by using the following command in an elevated prompt:

wusa /uninstall /kb:5079473

Long-Term Remediation and Mitigation

Administrators should monitor their EDR solutions for any anomalous behavior following the rollback to ensure that system stability is maintained. Microsoft is currently working on a permanent resolution, which will likely be delivered in a future ‘out-of-band’ update or the next monthly ‘Patch Tuesday’ cycle.

In the interim, organizations should pause the deployment of KB5079473 across their fleet. If the update has already been staged for deployment via Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager, it should be marked for removal or ‘Declined’ to prevent further impact on user productivity. Ensuring that users have clear guidance on how to report these specific sign-in errors will help the security team differentiate between update-related bugs and potential account compromise attempts.