You see a yellow banner at the top of Outlook that says Need to Reauthorize even after you have signed in successfully. This banner blocks access to your mailbox and prevents sending or receiving email. The problem is caused by a corrupted or expired authentication token that Outlook uses to verify your identity with Microsoft 365 servers. This article explains why the token fails and provides a set of targeted steps to clear the bad token and force Outlook to request a fresh one.
Key Takeaways: Clearing a Stuck Authentication Token in Outlook
- File > Account Settings > Account Settings > Repair: Runs an automated repair that reconnects Outlook to Microsoft 365 and refreshes the token.
- Control Panel > Credential Manager > Windows Credentials: Remove all cached Outlook and MicrosoftOffice16 tokens to force a fresh authentication prompt.
- Outlook.exe /cleansignin or /resetfolders: Command-line switches that clear the sign-in cache and rebuild the folder hierarchy respectively.
Why the Reauthorize Banner Appears After a Successful Sign-In
Outlook uses OAuth 2.0 tokens to authenticate with Microsoft 365. When you sign in, Azure Active Directory issues an access token and a refresh token. The access token expires after about one hour. Outlook then uses the refresh token to obtain a new access token silently. If the refresh token becomes corrupted, expires, or is revoked by an administrator, Outlook cannot get a new access token. The application then displays the reauthorize banner because it lacks a valid token to access the mailbox.
Several events can corrupt the token. A failed Windows update, a change in your password, a conditional access policy update by your IT department, or a profile migration from an older Outlook version can all invalidate the stored token. Outlook does not automatically delete a bad token. Instead it keeps trying to use it and shows the banner every time the token fails.
Steps to Force Outlook to Request a New Authentication Token
The following methods remove the corrupted token and force Outlook to go through the full sign-in flow again. Try them in the order listed.
Method 1: Run the Outlook Account Repair Tool
- Open Account Settings
In Outlook, go to File > Account Settings > Account Settings. - Select your email account
Click your Microsoft 365 or Exchange account in the list. Do not select a POP or IMAP account. - Click Repair
Click the Repair button at the top of the dialog. Outlook runs a diagnostic that checks the connection to the server and refreshes the authentication token. Follow the on-screen prompts. If prompted, sign in again with your full email address and password. - Restart Outlook
Close and reopen Outlook. The banner should disappear. If it does not, continue to Method 2.
Method 2: Clear Cached Tokens from Windows Credential Manager
- Open Credential Manager
Press Windows Key + R, type control /name Microsoft.CredentialManager, and press Enter. - Switch to Windows Credentials
Click Windows Credentials in the top navigation bar. - Find Outlook and Office tokens
Scroll down to the Generic Credentials section. Look for entries that contain:MicrosoftOffice16_Data:ADAL:MicrosoftOffice16_Data:MSA:Microsoft.Outlook.SessionManagerMicrosoft.AAD.BrokerPlugin - Remove each token
Click the arrow to expand each entry, then click Remove. Confirm the removal. Remove all entries that match the patterns above. Do not remove credentials that belong to other applications. - Restart Outlook
Close Outlook completely. Open Outlook again. You will be prompted to sign in. Enter your full email address and password. The banner should no longer appear.
Method 3: Use Outlook Command-Line Switches
- Close Outlook
Ensure Outlook is not running. Check Task Manager for any background Outlook processes. - Open the Run dialog
Press Windows Key + R. - Run the cleansignin switch
Type outlook.exe /cleansignin and press Enter. This switch removes the sign-in cache and resets the authentication state. Outlook opens and prompts you to sign in. - If the banner persists, run the resetfolders switch
Close Outlook again. Press Windows Key + R, type outlook.exe /resetfolders, and press Enter. This switch rebuilds the folder hierarchy and can clear a stuck token linked to a corrupted folder structure. - Sign in and verify
Sign in with your full email address and password. Check that the banner is gone.
Method 4: Delete and Recreate the Outlook Profile
- Open Mail Control Panel
Press Windows Key + R, type control mlcfg32.cpl, and press Enter. In older Outlook versions, use control mlcfg.cpl. - Click Show Profiles
Click the Show Profiles button. - Select your current profile
Choose the profile that shows the reauthorize banner. Click Remove. Confirm the deletion. - Create a new profile
Click Add, type a name for the new profile, and follow the Auto Account Setup wizard. Enter your email address and password. Outlook configures the account and downloads a fresh token. - Set the new profile as default
Under When starting Microsoft Outlook, use this profile, select the new profile from the dropdown. Click OK. - Start Outlook
Open Outlook. Sign in when prompted. The banner should be gone.
If the Reauthorize Banner Still Appears After the Main Fix
Outlook Shows the Banner on Every Restart
If the banner returns each time you restart Outlook, the token is being refreshed from a persistent cache that was not fully cleared. Run Method 2 again, but this time also remove credentials under the Web Credentials tab in Credential Manager. Look for entries that contain login.microsoftonline.com or outlook.office365.com. Remove those entries and restart Outlook.
The Banner Appears Only on a Shared or Delegated Mailbox
Outlook stores delegate tokens separately. Open Outlook with your primary mailbox. Go to File > Account Settings > Delegate Access. Remove the delegate, click OK, then add the delegate again. This action clears the delegate token. If the banner is on a shared mailbox, remove the shared mailbox from your profile and add it again through File > Account Settings > Account Settings > Change > More Settings > Advanced > Add.
Administrator-Enforced Conditional Access Blocks Token Renewal
If your organization uses Conditional Access policies, the token may be blocked because Outlook is not using Modern Authentication. Go to File > Account Settings > Account Settings, select your account, and click Change. In the dialog that opens, verify that Use Modern Authentication is checked. If it is grayed out, your administrator must enable Modern Authentication for your tenant. Contact your IT department.
Manual Token Clear vs Profile Rebuild: Key Differences
| Item | Manual Token Clear (Methods 1-3) | Profile Rebuild (Method 4) |
|---|---|---|
| Time required | 5 to 10 minutes | 15 to 30 minutes |
| Preserves custom settings | Yes, all signatures, rules, and settings remain | No, all profile-specific settings are lost |
| Preserves cached data | Yes, offline OST file and search index remain | No, a new OST file is created and data must re-download |
| Best for | Corrupted token after password change or update | Corrupted profile or repeated token failures |
You can now clear a stuck reauthorize banner by removing the corrupted token using Credential Manager or a command-line switch. If the banner persists, rebuilding the Outlook profile is the final option. To prevent this issue in the future, keep Outlook updated through Microsoft 365 Apps update channel and avoid switching between multiple identity providers on the same machine.