You open Microsoft Edge and click the Copilot icon, but instead of a chat window you see a message that your token has expired. Refreshing the page or restarting the browser often brings back the same error, creating an endless loop that blocks access to Copilot in the sidebar. This problem occurs because the authentication token that Copilot uses to verify your identity has become stale or corrupted, and the browser cannot automatically refresh it. This article explains why the token expires mid-session and provides three methods to break the loop and restore normal Copilot functionality in Edge.
Key Takeaways: Fixing the Copilot Token Expired Loop in Edge
- Edge > Settings > Privacy, search, and services > Clear browsing data: Removing cached site data and cookies forces a fresh token request and resolves most token expired loops.
- Microsoft 365 admin center > Health > Service health: Checking for active incidents that affect Azure AD authentication can save time before attempting local fixes.
- Windows Credential Manager > Windows Credentials > Remove MicrosoftOffice16 entries: Deleting stale cached credentials for Microsoft 365 services forces Edge to re-authenticate from scratch.
Why the Copilot Token Expired Loop Occurs in Edge
Copilot in Edge relies on an OAuth 2.0 access token issued by Azure Active Directory. This token has a finite lifetime, typically one hour for most Microsoft 365 workloads. When the token expires, Edge should silently refresh it using a refresh token stored in the browser’s secure storage. The token expired loop starts when the refresh process fails for one of three reasons:
Corrupted Browser Cache or Cookies
Edge stores authentication state in cookies and cached site data. If these files become corrupted due to a failed update, disk write error, or third-party extension interference, the browser cannot locate a valid refresh token. It then presents the expired token to Copilot’s server, which rejects the request and shows the token expired message. Refreshing the page reloads the same corrupted data, creating the loop.
Stale Windows Credential Manager Entries
Microsoft 365 applications, including Copilot, cache credentials in Windows Credential Manager under the Windows Credentials section. When these stored credentials become out of sync with the Azure AD token endpoint, Edge cannot obtain a new access token even after clearing browser data. The system continues to present the old, expired token.
Azure AD Service Incident or Conditional Access Policy Change
In some cases, the token expired loop is triggered by a service-side issue. Azure AD may reject a valid refresh token if a conditional access policy was updated while the token was active. For example, if an administrator enables multi-factor authentication for a user group, existing tokens become invalid and require re-authentication. Edge does not automatically prompt for re-authentication in this scenario, so the expired token loop persists until the user explicitly signs out and back in.
Steps to Break the Token Expired Loop in Edge
Use the following methods in order. Start with Method 1 because it resolves the majority of cases. Move to Method 2 if the error persists, and use Method 3 only when the first two fail.
Method 1: Clear Copilot-Specific Site Data in Edge
- Open Edge settings
Click the three-dot menu in the upper-right corner of the browser window, then select Settings from the dropdown menu. - Navigate to privacy and services
In the left sidebar, choose Privacy, search, and services. Under the Clear browsing data section, click Choose what to clear. - Set the time range to All time
In the dialog that opens, set the Time range dropdown to All time. This ensures you remove all cached data for the affected sites, not just recent entries. - Select Cookies and other site data
Check the box next to Cookies and other site data. Also check Cached images and files. Do not check passwords or autofill data — leaving those unchecked preserves your saved logins for other sites. - Clear only Copilot-relevant data
Click the Clear now button. After the process completes, restart Edge and open Copilot. The token expired message should be gone. If it reappears, proceed to Method 2.
Method 2: Sign Out of Microsoft 365 in Edge and Sign Back In
- Open the Microsoft 365 portal
Go to office.com and ensure you are signed in with the same work or school account you use for Copilot. - Sign out of all sessions
Click your profile picture or initials in the upper-right corner of the page. Select Sign out from the menu. This action invalidates the current session token across all Microsoft 365 services in Edge. - Close and reopen Edge
Exit the browser completely. Wait 10 seconds, then open Edge again. Do not restore previous tabs — start with a clean session. - Sign back in and verify Copilot
Navigate to office.com and sign in with your credentials. Complete any multi-factor authentication prompts. Open the Copilot sidebar by clicking the Copilot icon in the Edge toolbar. The token should be refreshed and Copilot should load without errors.
Method 3: Remove Stale Credentials from Windows Credential Manager
- Open Credential Manager
Press the Windows key, type Credential Manager, and select the app from the search results. - Switch to Windows Credentials
Click the Windows Credentials button at the top of the Credential Manager window. - Locate Microsoft 365 credential entries
Scroll through the Generic Credentials list. Look for entries that begin with MicrosoftOffice16 or MicrosoftOffice15. These store cached authentication data for Microsoft 365 applications including Copilot. - Remove the stale entries
Click the arrow next to each MicrosoftOffice entry to expand it. Select Remove and confirm the deletion. Repeat this for every entry that starts with MicrosoftOffice16 or MicrosoftOffice15. - Restart Edge and test Copilot
Close Edge completely. Open it again and sign in to your Microsoft 365 account. The credential removal forces Edge to request a brand new token from Azure AD, which breaks the expired token loop.
If Copilot Still Shows Token Expired After the Main Fix
In rare cases, the loop persists even after clearing browser data, signing out, and removing credentials. The following edge cases explain why and how to resolve them.
Copilot Token Expired Loop Happens on Only One Profile
If the error occurs only in a specific Edge profile, the profile itself may contain corrupted sync data. Create a new Edge profile by going to Edge Settings > Profiles > Add profile. Sign in with your Microsoft 365 account in the new profile and test Copilot. If the new profile works, transfer your bookmarks and settings from the old profile, then delete the corrupted profile.
Token Expired Loop After a Conditional Access Policy Update
When an IT administrator changes conditional access policies, existing tokens become invalid. In this case, open an InPrivate window in Edge by pressing Ctrl+Shift+N. Sign in to office.com in the InPrivate window and open Copilot. The InPrivate window forces a fresh authentication flow that respects the new policy. If Copilot works in InPrivate mode, the issue is policy-related. Contact your IT admin to verify the policy settings.
Copilot Token Expired Loop on a Domain-Joined Device
Domain-joined devices often use Windows Integrated Authentication, which can cache stale tickets. Run the following command in an elevated Command Prompt to purge the Kerberos ticket cache: klist purge. After running the command, restart Edge and sign in again. This step removes any cached domain authentication tickets that may interfere with Copilot’s token refresh.
Copilot Token Expired Loop vs Other Copilot Authentication Errors
| Item | Token Expired Loop | Generic Sign-In Required Error |
|---|---|---|
| Description | Copilot repeatedly shows token expired message even after refresh | Copilot asks you to sign in again but works after one sign-in |
| Root cause | Corrupted cache, stale credentials, or policy change blocking token refresh | Session timeout or browser restart that clears in-memory token |
| Primary fix | Clear site data and remove MicrosoftOffice16 credentials | Sign in once through the Copilot prompt |
| Secondary fix | Use InPrivate window or new Edge profile | Clear cookies for login.microsoftonline.com |
| Recurrence | Returns after every refresh until cache is cleared | Does not return until next session timeout |
The token expired loop is distinct from a simple sign-in prompt because it persists across browser restarts and page refreshes. A generic sign-in error resolves after you authenticate once. If you experience the loop, follow the three methods in order: clear site data, sign out of all sessions, and remove stale Windows credentials. For persistent cases on domain-joined devices, run the klist purge command to clear the Kerberos ticket cache. After completing these steps, Copilot in Edge should load without authentication errors.