OneDrive for Business 0x8004de40 sign-in error troubleshooting for managed devices: keeps returning

The OneDrive for Business 0x8004de40 sign-in error prevents users from connecting to their cloud storage. This error often reappears even after restarting the app or signing out and back in. On managed devices joined to Microsoft Entra ID, the root cause is typically a broken token cache or a conflict with legacy authentication settings. This article explains why this error persists and provides step-by-step fixes for IT administrators and power users.

Key Takeaways: Fixing the 0x8004de40 Sign-In Error on Managed Devices

  • OneDrive Settings > Account > Unlink this PC: Removes the broken token cache and forces a fresh authentication request.
  • Credential Manager > Windows Credentials > Generic Credentials: Deleting stale OneDrive cached credentials resolves re-authentication loops.
  • Microsoft 365 admin center > Org settings > Modern Authentication: Enabling modern authentication prevents legacy protocol conflicts that trigger error 0x8004de40.

Why the 0x8004de40 Error Keeps Returning on Managed Devices

The 0x8004de40 error is a sign-in failure code that indicates OneDrive cannot authenticate with Microsoft 365 servers. On managed devices, the error often reappears because cached tokens become corrupted or because the device enforces legacy authentication protocols that OneDrive no longer supports. Microsoft Entra ID joined devices rely on Primary Refresh Tokens stored in the Windows token broker. If the token broker cache is stale or if conditional access policies block device-based authentication, OneDrive retries the same invalid token and fails repeatedly.

Another common cause is the presence of conflicting credentials in Windows Credential Manager. When a user signs in with multiple Microsoft 365 accounts or when credentials are updated without unlinking OneDrive first, the old credential remains cached. OneDrive tries the cached credential, receives a rejection, and throws error 0x8004de40. The error persists because the cached credential is never cleared automatically.

Steps to Permanently Resolve the 0x8004de40 Sign-In Error

Follow these steps in order. Do not skip any step. Each step addresses a specific layer of the authentication chain. If the error returns after completing all steps, proceed to the troubleshooting section below.

Step 1: Unlink OneDrive from the Current Device

  1. Open OneDrive settings
    Right-click the OneDrive cloud icon in the system tray and select Settings. If the icon is missing, open OneDrive from the Start menu.
  2. Go to the Account tab
    In the OneDrive Settings window, click the Account tab at the top.
  3. Select Unlink this PC
    Click Unlink this PC. Confirm the action when prompted. OneDrive will stop syncing and close. Do not sign in again yet.

Step 2: Clear Stale Credentials from Credential Manager

  1. Open Credential Manager
    Press the Windows key, type Credential Manager, and click the result.
  2. Switch to Windows Credentials
    Click Windows Credentials to view stored credentials for Windows services.
  3. Remove OneDrive-related entries
    Scroll to the Generic Credentials section. Look for entries containing OneDrive, MicrosoftOffice16, or Microsoft AAD. Click the arrow next to each entry and select Remove. Confirm each removal.
  4. Reboot the device
    Restart the computer to clear any in-memory token cache.

Step 3: Reset OneDrive Sync Connection

  1. Open the Run dialog
    Press Windows key + R.
  2. Run the OneDrive reset command
    Type %localappdata%\Microsoft\OneDrive\onedrive.exe /reset and press Enter. A command prompt window flashes briefly. Wait 30 seconds.
  3. Restart OneDrive
    Open the Start menu, type OneDrive, and click the app. Sign in with your work or school account. If the error reappears during sign-in, close the window and proceed to Step 4.

Step 4: Enable Modern Authentication in the Microsoft 365 Admin Center

  1. Sign in to the admin center
    Go to admin.microsoft.com and sign in as a global admin.
  2. Navigate to Org settings
    In the left navigation, select Settings > Org settings.
  3. Open Modern Authentication
    Scroll to Modern Authentication and click it. Ensure the toggle for Turn on modern authentication for Outlook and other Office apps is set to On. Click Save.
  4. Wait 30 minutes
    Modern Authentication changes can take up to 30 minutes to propagate. After waiting, try signing in to OneDrive again.

Step 5: Re-register the Device with Microsoft Entra ID

  1. Open Settings
    Press Windows key + I and go to Accounts > Access work or school.
  2. Disconnect the work or school account
    Click the connected account, then click Disconnect. Confirm the action. The device will unregister from Microsoft Entra ID.
  3. Reconnect the account
    Click Connect, then sign in with your work or school credentials. After the device re-registers, open OneDrive and sign in.

If OneDrive Still Shows Error 0x8004de40 After the Main Fix

Some managed devices require additional configuration. The error may return if conditional access policies block the device or if the OneDrive app version is outdated.

OneDrive error persists after unlinking and clearing credentials

If the error appears immediately after signing in again, the token broker may still hold a stale Primary Refresh Token. Run the following command as an administrator in PowerShell: dsregcmd /leave. Reboot, then run dsregcmd /join to rejoin the device to Microsoft Entra ID. After rejoining, sign in to OneDrive.
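Before unlinking, clearing credentials or leaving and rejoining, it helps to record what the device currently holds. The following is an added example, not part of the original article: a read-only PowerShell check of the join state, the Primary Refresh Token state, and the Credential Manager entries named in Step 2. The function names are hypothetical, and the parsing assumes English-language `dsregcmd` and `cmdkey` output.

```powershell
# Added example: read-only triage. Nothing is deleted or changed.
# Run in the affected user's own session, since PRT state is per user.
# Assumes English-language dsregcmd/cmdkey output; function names are hypothetical.

function Get-DsregState {
    param([string[]]$Lines = (dsregcmd /status))
    # dsregcmd /status prints "Name : Value" pairs; keep the join and PRT fields.
    $wanted = 'AzureAdJoined', 'DomainJoined', 'WorkplaceJoined', 'TenantName',
              'AzureAdPrt', 'AzureAdPrtUpdateTime', 'AzureAdPrtExpiryTime'
    $state = [ordered]@{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$' -and $wanted -contains $Matches[1]) {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]$state
}

function Get-CredentialCandidate {
    param(
        [string[]]$Lines = (cmdkey /list),
        # Entry names the article says to look for under Generic Credentials.
        [string[]]$Patterns = @('OneDrive', 'MicrosoftOffice16', 'Microsoft AAD')
    )
    foreach ($line in $Lines) {
        # cmdkey /list prints one "Target: <name>" line per stored credential.
        if ($line -match '^\s*Target:\s*(.+?)\s*$') {
            $target = $Matches[1]
            if ($Patterns | Where-Object { $target -like "*$_*" }) { $target }
        }
    }
}

$ds    = Get-DsregState
$creds = @(Get-CredentialCandidate)

$ds | Format-List
if ($ds.AzureAdJoined -eq 'YES' -and $ds.AzureAdPrt -ne 'YES') {
    Write-Warning 'Device is Entra joined but this user holds no Primary Refresh Token.'
}
if ($creds.Count -gt 0) {
    Write-Warning "$($creds.Count) cached credential(s) match the names listed in Step 2:"
    $creds
}

# Offline use: Get-DsregState -Lines (Get-Content .\dsreg-status.txt)
```

Running it again after the fix and comparing `AzureAdPrtUpdateTime` shows whether a fresh token was actually issued.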

Conditional access policy blocks sign-in

The error may be triggered by a conditional access policy that requires device compliance or a specific app protection policy. Check the Microsoft Entra sign-in logs at portal.azure.com > Microsoft Entra ID > Sign-in logs. Look for error code 0x8004de40 and review the Conditional Access tab. Work with your IT admin to grant the OneDrive app access under the relevant policy.

OneDrive version is too old

An outdated OneDrive sync client may not support modern authentication. Open OneDrive Settings > About and note the build number. The current stable build is 24.xxx. If the build is older than 22.xxx, download the latest version from onedrive.com/download and install it. The error 0x8004de40 is often resolved in newer builds that handle token refresh more reliably.

OneDrive 0x8004de40 vs Other Sign-In Errors: Comparison

| Item | 0x8004de40 | 0x8004de44 | 0x8004de38 |
|---|---|---|---|
| Primary cause | Corrupt token cache or legacy auth | Network proxy or firewall blocking auth | License expired or account disabled |
| Typical fix | Unlink PC and clear credentials | Configure proxy exceptions for login.microsoftonline.com and all subdomains | Verify user license in Microsoft 365 admin center |
| Affected devices | Managed devices joined to Microsoft Entra ID | Devices behind corporate proxy or VPN | All devices, especially after license changes |
| Token involvement | Primary Refresh Token in Windows broker | No token issue; network prevents token retrieval | Server-side token revocation |

Now you can resolve the 0x8004de40 sign-in error on managed devices by unlinking OneDrive and clearing cached credentials. Next, verify that modern authentication is enabled in the Microsoft 365 admin center. For persistent cases, re-register the device with Microsoft Entra ID using the dsregcmd command. This combination of steps addresses both client-side token corruption and server-side authentication policy conflicts.
