Some users may be unable to sign into Microsoft 365 desktop applications and encounter errors
August 19, 12:15pm BST
User Impact: Users may be unable to sign into Microsoft 365 desktop applications and encounter errors.
More info: Multiple Microsoft 365 desktop applications are impacted, including the following:
- Microsoft Teams desktop app
- Microsoft Outlook desktop app
- OneDrive for Business desktop app
- Microsoft Excel desktop app
- Microsoft PowerPoint desktop app
- Microsoft Word desktop app
While we’re focused on remediation, users can sign into the web, mobile, or both applications. Admins can also work with Support to check if the affected plugin is installed, and if it's not installed, work with Support to run the following "get-appxpackage" PowerShell command in user context:
Get-AppxPackage -Name "Microsoft.AAD.BrokerPlugin"
If the package is missing, nothing will be returned. To reinstall the package, run:
Add-AppxPackage -Register "C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Appxmanifest.xml" -DisableDevelopmentMode -ForceApplicationShutdown
Some customers have reported the temporary mitigation steps may need to be repeated for an affected user after some time.
Current status: We're continuing to treat this incident with the highest urgency and priority. We will continue actively monitoring the situation overnight while we're pursuing the root cause and making progress on remediation options.
Scope of impact: The issue may potentially impact some users who are attempting to sign into Microsoft 365 desktop applications and are served through the affected infrastructure.
Root cause: A web account manager plugin that facilitates desktop application authentication isn't installed on the affected user devices.
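The check and re-registration steps from the update above, combined into one idempotent script that can be re-run in the user's session (for example at logon) and reports what it found. This is an added example, not Microsoft's or Tenable's script; the function name Repair-AadBrokerPlugin and the fields of the returned object are assumptions, while the package name and manifest path are the ones given above.

```powershell
# Added example (not vendor code). Run in the affected user's context,
# because AppX registration is per user.
$PackageName  = 'Microsoft.AAD.BrokerPlugin'
$ManifestPath = 'C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Appxmanifest.xml'

function Repair-AadBrokerPlugin {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [string]$Name     = $PackageName,
        [string]$Manifest = $ManifestPath
    )

    # One record per run, suitable for collecting across a fleet.
    $result = [ordered]@{
        User          = "$env:USERDOMAIN\$env:USERNAME"
        Computer      = $env:COMPUTERNAME
        CheckedAt     = (Get-Date).ToString('o')
        WasRegistered = $false
        Action        = 'None'
        IsRegistered  = $false
        Error         = $null
    }

    # Get-AppxPackage returns nothing when the package is not registered.
    if (Get-AppxPackage -Name $Name) {
        $result.WasRegistered = $true
        $result.IsRegistered  = $true
        return [pscustomobject]$result
    }

    # Do not attempt registration if the system copy of the manifest is absent.
    if (-not (Test-Path -LiteralPath $Manifest -PathType Leaf)) {
        $result.Action = 'Skipped'
        $result.Error  = "Manifest not found: $Manifest"
        return [pscustomobject]$result
    }

    try {
        Add-AppxPackage -Register $Manifest -DisableDevelopmentMode `
            -ForceApplicationShutdown -ErrorAction Stop
        $result.Action = 'Reregistered'
    } catch {
        $result.Action = 'Failed'
        $result.Error  = $_.Exception.Message
    }

    # Confirm the outcome instead of trusting the absence of an exception.
    $result.IsRegistered = [bool](Get-AppxPackage -Name $Name)
    [pscustomobject]$result
}

Repair-AadBrokerPlugin
```

Because the mitigation may need to be repeated for a user, a record with Action set to Reregistered on a device that was previously repaired shows that the plug-in was unregistered again.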
August 22, 11:35am BST
Good Morning,
Please see the latest from the Microsoft Team regarding this issue:
We have made significant progress on the various workstreams to help mitigate this issue. From these efforts we’re now providing several improved temporary mitigation options to reporting customers via support channels. In parallel, we’re continuing our work to develop effective service side mitigations to address this issue.
As part of this, we have some further validation work underway with customers who are able to reproduce the issue and the potential mitigations. So far, the test results have been positive, and we believe we have made significant progress since our last update. This work is being closely tracked by the senior leadership managing this investigation. We understand the urgency in resolving this issue and are pursuing all available paths.
August 30, 11:05am BST
Microsoft have advised that the following is the current status of this issue:
Current Status: We're broadening the scope of devices being targeted by the Windows Troubleshooter fix based on our investigation. If your organization has Windows Troubleshooter enabled, the remediation will be implemented automatically as affected devices receive the fix. However, this fix will not apply if your organization has disabled Windows Troubleshooter either by Group Policy or via Microsoft Endpoint Manager (MDM). Organizations which have disabled Windows Troubleshooter in their environment can achieve resolution by following the detailed steps provided in the More info section.
Microsoft has published a supplementary article detailing additional guidance that users may implement to resolve the issue for their affected users at scale or on a device-by-device basis: https://docs.microsoft.com/en-us/microsoft-365/troubleshoot/authentication/unable-sign-in-m365-desktop-apps
Tenable/Nessus (a third-party provider) has published more information and customer guidance in partnership with our engineering teams on a fix for this issue. Please follow the instructions in this article to mitigate the impact caused by this incident: https://community.tenable.com/s/article/Plugin-Updates-to-Address-Windows-Scan-Targets-being-left-unable-to-connect-to-Azure-Active-Directory-AAD
September 02, 10:52pm BST
Root cause: Tenable/Nessus (a third-party provider) released a new plug-in to their customers on August 16, 2022, intended to run as a part of a remote threat scan over Server Message Block (SMB). Due to an error within the new release, the remote scan inadvertently caused the Web Account Manager (WAM) plug-in “AADBroker”, which facilitates Office 365 desktop client account authentication on Windows devices, to become unregistered. The remote scan initiated by the Tenable plug-in resulted in system files becoming locked, preventing authentication from Office 365 desktop clients.