When managing a mixed fleet of Windows and Mac devices, OneDrive may use the wrong Microsoft 365 account at startup on Windows machines. This happens when the Windows Credential Manager stores cached credentials from a previous user session or from an automated deployment script that passed the wrong user principal name. The symptom is that OneDrive opens with a different user’s files or prompts for credentials repeatedly, even though the correct account was used during initial setup. This article explains the root cause in Windows credential caching for Mac-managed fleets, provides a step-by-step checklist to force the correct account, and covers related failures like stale tokens and silent sign-in loops.
Key Takeaways: Fixing OneDrive Wrong Account on Windows Startup in Mac-Fleet Environments
- Windows Credential Manager > Windows Credentials > OneDrive Cached Credentials: Remove stale or wrong account tokens to force a clean sign-in prompt.
- OneDrive Settings > Account > Unlink This PC: Resets the local OneDrive identity without deleting files, then triggers a fresh authentication flow.
- Microsoft 365 admin center > Health > Service Health > OneDrive for Business: Verify tenant service status and check for known authentication issues affecting mixed-platform deployments.
Why OneDrive Uses the Wrong Account at Startup on Windows Machines in a Mac Fleet
When an organization manages devices primarily through Mac management tools, such as Jamf Pro or Microsoft Intune for macOS, Windows machines in the same tenant may receive inconsistent OneDrive configuration profiles. The core problem is that Windows Credential Manager stores a cached token for the first account that authenticated with OneDrive. If a deployment script or a shared device scenario passes a generic or service-account credential, Windows saves that token and presents it at every startup.
OneDrive on Windows uses the Windows Credential Manager vault to store OAuth tokens for the Microsoft 365 account. Unlike macOS, which stores tokens in the system Keychain per user, Windows stores them globally per machine if the account is added via a provisioning package or a domain-joined user template. When a Mac management tool pushes a OneDrive configuration XML that includes a user principal name, that UPN gets cached in Windows Credential Manager. Subsequent logins by the correct user do not overwrite this cached entry automatically because the credential vault treats the first entry as authoritative.
The Role of Credential Manager and Registry Persistence
Windows Credential Manager stores credentials under the “Windows Credentials” section. OneDrive entries are labeled with names like MicrosoftOffice16_Data:ADAL:<tenantID> or OneDrive:ADAL:<tenantID>. These entries contain the OAuth refresh token and the user identifier. When OneDrive starts, it reads this vault before showing a sign-in prompt. If the vault contains a token for a different user, OneDrive uses that token silently and loads the wrong account’s files.
Additionally, the registry key HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Accounts\Business1 stores the current user’s account ID. If a provisioning script sets this key to a generic account UPN, OneDrive will use that value even after the correct user signs in interactively. The registry key takes precedence over a fresh sign-in in some build versions of OneDrive.
Checklist to Force OneDrive to Use the Correct Account at Windows Startup
Follow these steps in order on each Windows machine that displays the wrong OneDrive account at startup. Perform these steps as the user who needs the correct account, not as an administrator, unless otherwise noted.
- Quit OneDrive completely
Right-click the OneDrive cloud icon in the system tray and select Quit OneDrive. Confirm that no OneDrive process is running in Task Manager. If the process restarts automatically, usetaskkill /f /im OneDrive.exein an elevated Command Prompt. - Open Windows Credential Manager
Press Windows Key + R, typecontrol /name Microsoft.CredentialManager, and press Enter. Click Windows Credentials. Scroll to the Generic Credentials section. Look for entries that contain “OneDrive”, “MicrosoftOffice16”, or “ADAL”. Select each entry and click Remove. Confirm the deletion. Do not remove entries for other applications unless you are certain they are not needed. - Clear the OneDrive account registry key
Press Windows Key + R, typeregedit, and press Enter. Navigate toHKEY_CURRENT_USER\Software\Microsoft\OneDrive\Accounts\Business1. Right-click the Business1 key and select Export to back it up. Then delete the Business1 key. Close Registry Editor. This forces OneDrive to create a fresh account entry on next launch. - Unlink OneDrive from the wrong account
Open OneDrive by searching for it in the Start menu. If OneDrive automatically signs in with the wrong account, click the OneDrive icon in the system tray, select Help & Settings > Settings. Go to the Account tab and click Unlink this PC. Click Unlink account in the confirmation dialog. OneDrive will close. - Restart OneDrive and sign in with the correct account
Open OneDrive from the Start menu. When the sign-in window appears, enter the correct user principal name (for example, jane.doe@contoso.com). Complete the authentication flow. OneDrive will synchronize the correct user’s files. Verify the account name in the OneDrive settings under the Account tab. - Prevent recurrence by updating the deployment configuration
If your Mac management tool pushes a OneDrive configuration to Windows machines, edit the XML or plist file to exclude the UserEmail or UPN field. Instead, let each user sign in interactively on first launch. For Intune-managed Windows devices, remove any OneDrive configuration profile that specifies a user account. For Jamf Pro, ensure the configuration profile is scoped only to macOS devices and not to Windows computers.
If OneDrive Still Uses the Wrong Account After the Checklist
OneDrive keeps prompting for credentials after unlinking
If OneDrive continues to prompt for credentials even after you unlinked and removed cached entries, there may be a stale token stored in the Windows Web Account Manager. Open Settings > Accounts > Email & accounts. Under Accounts used by other apps, find the Microsoft 365 account entry. Click it and select Remove. This clears the broader authentication cache that OneDrive and other Microsoft 365 apps share.
OneDrive syncs files from the wrong user after a reboot
This indicates that a startup script or Group Policy object is reapplying the wrong account credential. Check the Task Scheduler library for a task named OneDrive Standalone Update Task or any custom task that launches OneDrive with a specific user parameter. Disable or delete that task. Also, review local Group Policy under Computer Configuration > Administrative Templates > Windows Components > OneDrive. Ensure the policy Prevent the usage of OneDrive for file storage is not set, and that no policy forces a specific user account.
Mac management tool pushes a OneDrive configuration with wrong UPN
If your organization uses Jamf Pro to manage Windows machines via a configuration profile, the profile may include a UserEmail key that was intended for macOS. Windows OneDrive ignores most macOS-specific keys but respects the UserEmail key if present in the registry. Remove that key from the configuration profile and redeploy. For Intune, ensure the OneDrive settings catalog profile does not include the UserEmail setting.
Credential Manager vs Registry Key: Which One Controls Startup Account Selection
| Item | Windows Credential Manager | Registry Key (Business1) |
|---|---|---|
| Storage location | Control Panel > Credential Manager > Windows Credentials | HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Accounts\Business1 |
| Data stored | OAuth refresh token, user ID, tenant ID | Account display name, user ID, sync path |
| When OneDrive reads this | At startup, before showing sign-in UI | Immediately after reading Credential Manager, to determine which account folder to mount |
| Effect of stale entry | OneDrive signs in silently with the wrong user | OneDrive mounts the wrong user’s sync folder even after correct sign-in |
| How to clear | Remove the OneDrive/ADAL entries manually | Delete the Business1 key |
| Scope | Per machine for generic credentials, per user for vault entries | Per user registry hive |
The Credential Manager entry is the primary gatekeeper for silent authentication. The registry key is secondary and controls which sync folder OneDrive mounts after authentication. Clearing both is the most reliable method to reset the account selection on Windows startup.
After completing this checklist, OneDrive on each Windows machine will start with the correct Microsoft 365 account. For long-term management, configure your Mac fleet management tool to exclude user-specific fields from Windows configuration profiles. Use the Microsoft 365 admin center to audit sign-in logs for any remaining stale tokens under Azure Active Directory > Sign-ins > User sign-ins. Filter by the OneDrive application ID to see repeated authentication failures.