On March 10, 2026, Microsoft’s routine Patch Tuesday security update for Windows 11 threw a wrench into daily workflows for users relying on Microsoft account sign-ins. KB5079473, intended to bolster security on versions 24H2 and 25H2, instead triggered sign-in failures across a suite of essential apps, including Teams Free, OneDrive, Edge, and Word. The issue was swiftly acknowledged, and Microsoft released a targeted fix, KB5085516, to restore access.
What Went Wrong After Installing KB5079473
The KB5079473 update introduced a security hardening change that inadvertently broke authentication for Microsoft accounts at the system level. Users reported that after the update installed and their systems rebooted, any application that required a personal Microsoft account login would fail. The impact spanned both built-in Windows apps and Microsoft 365 productivity tools:
- Microsoft Teams Free
- OneDrive
- Microsoft Edge (when syncing with a Microsoft account)
- Word, Excel, and other Office apps
- Other apps reliant on Microsoft account authentication, such as the Microsoft Store or Xbox app
Notably, the sign-in failures were specific to Microsoft consumer accounts – those ending with @outlook.com, @hotmail.com, or using non-organizational credentials. Work or school accounts using Azure Active Directory (Entra ID) were not affected, nor were devices configured with local accounts only. The error manifested in various ways depending on the app: some displayed generic “We’re having trouble signing you in” messages, while others simply hung or crashed during authentication attempts.
The update was automatically distributed via Windows Update for Windows 11 Home and Pro editions running 24H2 and the newer 25H2 release. Enterprise customers who deferred updates or managed patching through WSUS generally avoided the problem unless they explicitly approved the patch.
Who Is Affected—and Who Gets a Pass
If your device runs Windows 11 24H2 or 25H2 and you use a personal Microsoft account for login and app synchronization, you were in the blast radius. The issue was indiscriminate once KB5079473 landed – it didn’t matter whether you were a casual home user or a freelancer juggling multiple Microsoft 365 subscriptions. The common thread was the reliance on Microsoft’s consumer identity platform.
On the other hand, several groups escaped unscathed:
- Enterprise and education users: If your organization uses Azure AD or domain accounts, sign-in continued to work normally.
- Local account users: Those who sign into Windows with a local account and do not link a Microsoft account were unaffected.
- Windows 11 23H2 and earlier: Machines still on version 23H2 or Windows 10 did not receive this update, and thus were not vulnerable.
The rapid response from Microsoft suggests that the company quickly recognized the severity. Within hours of initial reports appearing on WindowsForum.com, Microsoft confirmed the issue and began rolling out a fix.
The Fix: Microsoft Rushes Out KB5085516
Late on March 10, Microsoft released an out-of-band update, KB5085516, specifically to correct the authentication flaw introduced by KB5079473. This isn’t a typical Known Issue Rollback (KIR), which often pushes temporal policy tweaks to affected devices, but a full cumulative update that replaces the problematic binaries. KB5085516 is available through the following channels:
- Windows Update: If you have automatic updates enabled, the fix should have been downloaded and installed automatically. You can manually check by going to Settings > Windows Update and clicking “Check for updates.”
- Microsoft Update Catalog: For those who need to install it manually or offline, the standalone package can be downloaded from the Microsoft Update Catalog.
- WSUS and Intune: IT administrators can approve and deploy KB5085516 through their management tools.
After installing KB5085516, no additional steps are required. The sign-in failures should be resolved immediately, and all apps should function as expected. Devices that did not install KB5079473 can safely skip KB5085516, though installing it won’t cause harm – it simply supersedes the broken update.
What to Do If You’re Still Locked Out
If you haven’t received KB5085516 automatically or are still experiencing sign-in issues, follow these steps:
-
Verify update installation
Open Settings > Windows Update > Update history. Look for KB5085516 under “Quality Updates.” If it’s not there, proceed to step 2. -
Force a check
Click “Check for updates” in Windows Update. If KB5085516 appears, install it and reboot. -
Manual download
If Windows Update doesn’t offer the fix, visit the Microsoft Update Catalog and search for KB5085516. Download the appropriate package for your system (x64, ARM64) and install it manually. -
Temporary workarounds
While waiting for the fix, you can use web-based versions of the affected apps (e.g., Outlook.com, Office.com, Teams on the web) to maintain productivity. Alternatively, if creating a local Windows account is feasible, doing so can bypass the issue entirely, though you’ll lose sync features. -
For IT administrators
If you inadvertently deployed KB5079473 across your fleet, use your patch management solution to push KB5085516 as an emergency update. Monitor the Microsoft 365 Admin Center for any related service advisories.
How We Got Here: A Recurring Patch Problem
Windows updates breaking authentication isn’t a new phenomenon. Microsoft’s complex web of interlocking components – identity providers, security policies, credential managers – can occasionally clash after a patch changes even a small part of the stack. In this case, KB5079473 likely modified cryptographic libraries or authentication protocols that Microsoft account sign-in relies on, causing a mismatch.
Similar incidents have occurred in recent memory. For example, a Windows 11 security update in October 2024 disrupted Microsoft account sign-ins for some users, which Microsoft resolved with a KIR. The difference this time was the quick pivot to a full replacement update rather than a temporary rollback – a sign that the underlying change in KB5079473 was too integral to simply toggle off.
Why did this slip past testing? The Windows Insider program, while extensive, cannot replicate every hardware and configuration combination. Additionally, the 25H2 version was relatively new at the time of the March 2026 patch, meaning its cumulative update train may not have had the same depth of real-world validation as older releases. Microsoft’s rapid fix, however, indicates that internal monitoring caught the spike in sign-in failures promptly.
Outlook: What to Watch Next
For affected users, the immediate crisis is over. But the episode underscores the importance of having a fallback when critical updates go sideways. Keep an eye on:
- Subsequent Patch Tuesdays: The April 2026 update will likely roll KB5085516 into its cumulative package, so devices that skip the out-of-band fix will get it then. Verify that no new sign-in regressions appear.
- Microsoft’s Known Issues list: The company typically documents such problems in the Windows release health dashboard. Bookmark Windows release health for early warnings.
- Backup authentication methods: Consider enabling a secondary authentication method (like a security key) or keeping a local admin account on your device for emergencies.
KB5079473 was a sharp reminder that even security updates can introduce disruptive side effects. Microsoft’s quick response with KB5085516 restored order, but the episode will likely fuel calls for more rigorous pre-release testing of patches that touch core identity components.