You sign into a different Microsoft account, but Windows keeps pulling the old one back. Outlook insists on the wrong credentials. OneDrive syncs to a ghost account. Teams refuses to switch. The OS "remembers" an account you've already removed — because removing it from Settings doesn't actually remove it.
Windows scatters Microsoft account tokens, credentials, and identity data across at least five different locations. Here's how to actually clean them all out.
Why I Needed This
I had a deprecated Microsoft Office E5 developer account on my device. The old tenant was long dead, but Windows still had its credentials cached everywhere. When I set up a new Microsoft 365 tenant using the same email address, things got ugly — Outlook refused to sign in, other Microsoft services kept trying to authenticate against the old (non-existent) E5 tenant instead of the new one.
Same email, two tenants (one dead, one alive), and Windows couldn't tell the difference because it was pulling cached tokens from the ghost tenant. No amount of "sign out and sign back in" fixed it. I had to nuke every cached credential and token on the machine before Windows would let the new tenant through.
If you're in the same boat — migrated tenants, recycled an email address, or inherited a device with someone else's Microsoft account baked in — this guide is for you.
Start Here: Credential Manager (Fixes Most Cases)
Before going nuclear, try the most common fix first.
1. Open Control Panel → Credential Manager (or run control keymgr.dll)
2. Check both Windows Credentials and Generic Credentials tabs
3. Look for entries matching any of these patterns:
- MicrosoftAccount:*
- MicrosoftOffice*
- OneDrive*
- login.live.com
- login.microsoftonline.com
4. Click each matching entry and hit Remove
This is where Windows stores the actual login tokens that apps pull from automatically. Clearing these forces every app to re-authenticate from scratch.
Clear Token Broker Cache
Even after Credential Manager cleanup, Windows has a separate token caching layer — the Token Broker. This is what powers the seamless SSO experience across Microsoft apps. It's also what keeps phantom accounts alive.
Open Command Prompt as Administrator and run:
rmdir /s /q "%LocalAppData%\Microsoft\TokenBroker\Cache"
rmdir /s /q "%LocalAppData%\Microsoft\IdentityCache"
rmdir /s /q "%LocalAppData%\Microsoft\OneAuth"
These directories regenerate on next login, so deleting them is safe. You'll just need to sign in again when apps request it.
Clear Office-Specific Cache
Microsoft Office maintains its own identity cache separate from Windows. If Outlook, Word, or Excel keep reverting to the wrong account, this is why.
rmdir /s /q "%LocalAppData%\Microsoft\Office\16.0\Wef"
rmdir /s /q "%LocalAppData%\Microsoft\Office\OTele"
For a deeper clean, open Registry Editor (regedit) and delete:
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
This key stores Office's cached identity state. Removing it forces Office to re-discover accounts from scratch on next launch.
Remove Account via Settings
If you want to fully detach a Microsoft account from the machine:
Go to Settings → Accounts → Email & accounts, find the Microsoft account, and click Remove.
This removes the account association, but — and this is the frustrating part — it doesn't clear the cached tokens and credentials described above. That's why just removing the account from Settings often doesn't fix the "stuck account" problem. You need to combine this with the cache cleanup steps.
Disconnect from Azure AD / Microsoft Entra
For work or school accounts joined to Azure AD (now Microsoft Entra), the account is bound at the device level. Credential cleanup alone won't disconnect it.
Open Command Prompt as Administrator:
dsregcmd /leave
This disconnects the device from Azure AD entirely. Only do this if you intentionally want to remove the work/school account binding. You'll need to re-join if you want it back.
To verify the current join status:
dsregcmd /status
Look for AzureAdJoined : YES/NO and DomainJoined : YES/NO in the output.
Nuclear Option: Force Recovery
If nothing above works and the account is still haunting the system:
rundll32.exe WorkFoldersShell.dll,WorkFoldersSyncProviderInit
dsregcmd /forcerecovery
This forces Windows to rebuild its device registration and account state from scratch. It's the most aggressive option — essentially telling Windows to forget everything it knows about account associations and start over.
Restart after running this. The recovery process completes during the next boot cycle.
Quick Reference: What to Clear When
| Symptom | Fix |
|---------|-----|
| App keeps signing into wrong personal account | Credential Manager + Token Broker cache |
| Office apps stuck on old account | Office cache + Registry Identity key |
| OneDrive syncing to wrong account | Credential Manager (OneDrive entries) + Token Broker |
| Work/school account won't disconnect | dsregcmd /leave |
| Everything is cursed | Nuclear option + restart |
The Takeaway
Windows doesn't have a single "sign out everywhere" button. Microsoft account state is distributed across Credential Manager, Token Broker, Office identity cache, and Azure AD device registration. When an account gets stuck, you usually need to clean at least two of these locations.
Start with Credential Manager + Token Broker cache — that resolves most cases. Escalate from there only if needed. And always restart after clearing — some changes don't take effect until the next boot.
Quantum Responses