ANAVEM
EnglishFrancais
ANAVEM
Languagefr
Fix Trusted Platform Module Error 80090016 – Windows 11 2026
Fix Guide80090016Trusted Platform Module

Fix Trusted Platform Module Error 80090016 – Windows 11 2026

TPM error 80090016 prevents Microsoft 365 apps from authenticating. Fix by renaming AAD BrokerPlugin folder, reinstalling WAM plugin, or clearing TPM data.

March 22, 2026 12 min
80090016Trusted Platform Module 5 methods 12 min
Instant Solution

Navigate to C:\Users\%username%\AppData\Local\Packages and rename the Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy folder to add .old suffix. Restart your computer and launch Microsoft 365 apps to verify the fix.

Understanding TPM Error 80090016

Trusted Platform Module (TPM) error 80090016 is a critical authentication failure that primarily affects Microsoft 365 applications on Windows 11 systems. This error indicates that the TPM hardware security chip has encountered a malfunction during the cryptographic authentication process, preventing applications like Teams, Outlook, Word, Excel, and PowerPoint from establishing secure connections to Microsoft's cloud services.

The TPM serves as a hardware-based security foundation for Windows 11, storing encryption keys, certificates, and authentication credentials in a secure environment. When error 80090016 occurs, it typically manifests as a complete inability to launch Microsoft 365 applications, with users receiving the message "Your computer's Trusted Platform Module has malfunctioned" followed by the specific error code.

This issue has become increasingly prevalent in enterprise environments running Windows 11 with the latest 2026 security updates, particularly affecting organizations that rely heavily on Microsoft 365 for daily operations. The error can stem from corrupted authentication broker data, outdated TPM firmware, or conflicts introduced by recent Windows updates that modify TPM driver behavior.

Diagnostic

Symptoms

  • Microsoft 365 apps (Teams, Outlook, Word, Excel, PowerPoint) fail to launch with TPM malfunction message
  • Error message: "Your computer's Trusted Platform Module has malfunctioned. Error code 80090016"
  • Repeated authentication prompts in Microsoft 365 applications
  • OneDrive for Business sync failures with authentication errors
  • Unable to access Microsoft 365 services despite valid credentials
  • Applications crash or freeze during startup authentication process
Analysis

Root Causes

  • Corrupted Microsoft AAD BrokerPlugin data preventing secure authentication
  • Outdated or damaged Microsoft Entra WAM Plugin package
  • TPM hardware malfunction or firmware corruption
  • Windows 11 system updates causing TPM driver conflicts
  • Incorrect TPM security policies or registry configurations
  • Hardware component replacement affecting TPM chip initialization
  • Antivirus software interfering with TPM cryptographic operations
Resolution Methods

Solutions

01

Rename Microsoft AAD BrokerPlugin Folder

This method resolves corrupted authentication data by forcing Windows to recreate the AAD BrokerPlugin folder.

  1. Close all Microsoft 365 applications completely
  2. Press Windows + R and type %localappdata%\Packages, then press Enter
  3. Locate the folder named Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
  4. Right-click the folder and select Rename
  5. Add .old to the end of the folder name (e.g., Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy.old)
  6. If you receive an error that the folder is in use, open Task Manager and end any Microsoft 365 processes
  7. Restart your computer
  8. Launch any Microsoft 365 application
  9. Sign in with your credentials when prompted
Pro tip: If you cannot rename the folder due to permissions, run File Explorer as administrator or use PowerShell with elevated privileges.

Verification: Open Outlook or Teams. You should be able to sign in without encountering error 80090016. Check that a new Microsoft.AAD.BrokerPlugin folder was created automatically.

02

Reinstall Microsoft Entra WAM Plugin

The Windows Account Manager (WAM) plugin handles authentication for Microsoft services. Reinstalling it resolves TPM authentication issues.

  1. Open PowerShell as Administrator
  2. List installed WAM packages:
Get-AppxPackage | Where-Object {$_.Name -like "*Microsoft.AAD*"}
  1. Remove the existing WAM plugin:
Get-AppxPackage Microsoft.AAD.BrokerPlugin | Remove-AppxPackage
  1. Download and reinstall the latest WAM plugin from Microsoft Store:
Add-AppxPackage -RegisterByFamilyName -MainPackage Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
  1. Alternatively, reset the WAM plugin without removal:
Get-AppxPackage Microsoft.AAD.BrokerPlugin | Reset-AppxPackage
  1. Restart the Windows Account Manager service:
Restart-Service -Name "TokenBroker" -Force
  1. Reboot your computer
Warning: Removing the WAM plugin will sign you out of all Microsoft 365 applications. You'll need to re-authenticate after reinstallation.

Verification: Run Get-AppxPackage Microsoft.AAD.BrokerPlugin in PowerShell to confirm the package is installed and check the version number.

03

Clear TPM and Reset Security Policies

This method clears corrupted TPM data and resets security policies that may be causing authentication failures.

  1. Open Windows Security from Start menu
  2. Navigate to Device SecuritySecurity processor details
  3. Click Security processor troubleshooting
  4. Select Clear TPM and follow the prompts
  5. Alternatively, use PowerShell to clear TPM:
Clear-Tpm
  1. Reset Windows Hello and credential policies:
Remove-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork" -Recurse -Force -ErrorAction SilentlyContinue
  1. Clear stored credentials:
cmdkey /list | ForEach-Object {if($_ -like "*microsoft*"){cmdkey /delete:($_ -split " ")[1]}}
  1. Restart the TPM services:
Restart-Service -Name "TBS" -Force
Restart-Service -Name "TPM" -Force
  1. Reboot your computer
  2. Reconfigure Windows Hello if previously enabled
Warning: Clearing TPM will remove all stored encryption keys and certificates. BitLocker recovery keys may be required after this operation.

Verification: Open tpm.msc and verify TPM status shows as "Ready for use". Check that Microsoft 365 apps launch without error 80090016.

04

Run Microsoft 365 Activation Troubleshooter

Microsoft provides a dedicated troubleshooter for Office activation and authentication issues that can resolve TPM-related problems.

  1. Download the Microsoft 365 Support and Recovery Assistant from the official Microsoft website
  2. Run the downloaded SaRA_OfficeScrubber.exe file as administrator
  3. Select Office from the application list
  4. Choose I'm having trouble signing in to Office
  5. Follow the guided troubleshooting steps
  6. When prompted, select TPM or authentication issues
  7. Allow the tool to scan and repair authentication components
  8. If the automated fix fails, manually reset Office credentials:
cd /d %ProgramFiles%\Microsoft Office\root\Office16
officeClickToRun.exe scenario=Repair platform=x64 culture=en-us RepairType=QuickRepair
  1. Clear Office credential cache:
Remove-Item -Path "$env:LOCALAPPDATA\Microsoft\Office\16.0\Wef" -Recurse -Force -ErrorAction SilentlyContinue
  1. Reset Office activation state:
cd /d %ProgramFiles%\Microsoft Office\Office16
cscript ospp.vbs /rearm
  1. Restart your computer

Verification: Launch any Microsoft 365 application and verify you can sign in without encountering TPM error 80090016. Check activation status in FileAccount.

05

Update TPM Firmware and Windows Drivers

Outdated TPM firmware or drivers can cause authentication failures. This method ensures all TPM components are current.

  1. Check current TPM version:
Get-WmiObject -Namespace "Root\CIMv2\Security\MicrosoftTpm" -Class Win32_Tpm | Select-Object SpecVersion, ManufacturerVersion
  1. Open Device Manager and expand Security devices
  2. Right-click Trusted Platform Module 2.0 and select Update driver
  3. Choose Search automatically for drivers
  4. Download TPM firmware updates from your computer manufacturer's website
  5. Install Windows 11 cumulative updates:
Install-Module PSWindowsUpdate -Force
Get-WindowsUpdate -Install -AcceptAll -AutoReboot
  1. Update Microsoft 365 to the latest version:
cd /d %ProgramFiles%\Common Files\Microsoft Shared\ClickToRun
OfficeC2RClient.exe /update user
  1. Verify TPM functionality after updates:
Get-Tpm | Select-Object TpmPresent, TpmReady, TpmEnabled
  1. If TPM is not ready, initialize it:
Initialize-Tpm
  1. Restart your computer
Pro tip: Check your BIOS/UEFI settings to ensure TPM 2.0 is enabled and set to discrete mode rather than firmware mode for better compatibility.

Verification: Run tpm.msc to confirm TPM status is "Ready for use" and version is 2.0. Test Microsoft 365 applications to ensure error 80090016 is resolved.

Validation

Verification

After applying any of the above methods, verify the fix by following these steps:

  1. Open Command Prompt as administrator and run:
tpm.msc

Confirm TPM status shows "The TPM is ready for use" with no error indicators.

  1. Test Microsoft 365 authentication:
Get-AppxPackage Microsoft.AAD.BrokerPlugin | Select-Object Name, Version, Status

Verify the package status is "Ok" and version is current.

  1. Launch multiple Microsoft 365 applications (Outlook, Teams, Word) and confirm they authenticate successfully without prompting for credentials repeatedly
  2. Check Windows Event Viewer under Applications and Services LogsMicrosoftWindowsTPM-WMI for any remaining TPM-related errors
If it still fails

Advanced Troubleshooting

If the above methods didn't resolve error 80090016, try these advanced troubleshooting steps:

Advanced Registry Repair

Reset TPM-related registry entries that may be corrupted:

Remove-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\TPM" -Recurse -Force -ErrorAction SilentlyContinue
Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\Cryptography\Protect" -Recurse -Force -ErrorAction SilentlyContinue

Hardware-Level TPM Reset

If software methods fail, the TPM chip itself may need hardware-level reset. Access your computer's BIOS/UEFI settings and look for TPM options under Security settings. Disable TPM, save settings, reboot, then re-enable TPM and save again.

Enterprise Environment Solutions

For domain-joined computers, check Group Policy settings that may be interfering with TPM operations. Run gpresult /h gpreport.html to review applied policies related to TPM and Windows Hello.

Complete Office Reinstallation

If authentication issues persist, perform a complete Microsoft 365 removal and clean installation using the Office Deployment Tool with custom configuration XML that excludes problematic components.

Frequently Asked Questions

What does TPM error 80090016 specifically mean?+
TPM error 80090016 indicates a malfunction in the Trusted Platform Module's authentication process. Specifically, it means the TPM chip cannot properly validate or decrypt the cryptographic keys required for Microsoft 365 applications to authenticate with Azure Active Directory services. This error code is returned when the TPM hardware or its associated software components fail to complete the secure authentication handshake that Microsoft 365 apps require for single sign-on functionality.
Can I disable TPM to bypass this error?+
While you can disable TPM in BIOS settings, this is not recommended for Windows 11 systems as it compromises security features like BitLocker encryption, Windows Hello, and secure boot. Instead of disabling TPM, the recommended approach is to clear and reinitialize the TPM data, update firmware, or reset the authentication components. Disabling TPM may also prevent future Windows updates and cause compliance issues in enterprise environments.
Why does this error only affect Microsoft 365 apps and not other software?+
Microsoft 365 applications use Azure Active Directory (AAD) authentication through the Windows Account Manager (WAM) and AAD BrokerPlugin, which specifically rely on TPM for secure credential storage and cryptographic operations. Other applications may use different authentication methods that don't require TPM integration. The error occurs because Microsoft 365 apps are designed to leverage Windows 11's hardware security features for enhanced protection of enterprise credentials and data.
Will clearing TPM affect my BitLocker encryption?+
Yes, clearing TPM will affect BitLocker-encrypted drives. Before clearing TPM, ensure you have your BitLocker recovery keys saved, as you'll need them to unlock encrypted drives after the TPM reset. The system may prompt for recovery keys during the next boot. After clearing TPM and resolving the authentication issue, BitLocker will automatically re-establish its relationship with the TPM chip, but the initial recovery key entry is typically required.
How can I prevent TPM error 80090016 from recurring?+
To prevent recurrence, keep Windows 11 and Microsoft 365 applications updated to the latest versions, regularly update TPM firmware through Windows Update or manufacturer tools, avoid force-shutting down applications during authentication processes, and ensure your antivirus software has exceptions for Microsoft authentication components. Additionally, in enterprise environments, review Group Policy settings related to TPM and Windows Hello to ensure they don't conflict with Microsoft 365 authentication requirements.
Tags
#tpm-error#windows-11#microsoft-365

Further Intelligence

Deepen your knowledge with related resources

Fix Microsoft Account Sign-in Error KB5085516 – Windows 11 2026
fix
Windows

Fix Microsoft Account Sign-in Error KB5085516 – Windows 11 2026

Deep Dive
Fix Windows Update Error 0x80070643 – Windows 10/11 2026
fix
Windows

Fix Windows Update Error 0x80070643 – Windows 10/11 2026

Deep Dive
Fix Microsoft Edge Error 0x800706b5 – Windows 11 2026
fix
Windows

Fix Microsoft Edge Error 0x800706b5 – Windows 11 2026

Deep Dive

Discussion

Share your thoughts and insights

Sign in to join the discussion

Sign inCreate account