FileFix
Categories About Us Contact Us Become a Member

How to fix error 80090016 (Trusted Platform Module has malfunctioned)

This blocks sign-in to Microsoft 365 apps like Outlook and Teams. It usually comes from stale credentials or a TPM mismatch, not broken hardware. Jump to your situation below or work through the methods in order.

By Neeraj Singh ~7 min Updated Jun 2026 95% found this helpful
Error message
Something went wrong. Your computer’s Trusted Platform Module has malfunctioned. If this error persists, contact your system administrator with the error code 80090016.
Summary

Error 80090016 means your computer’s Trusted Platform Module (TPM) has malfunctioned, so Windows cannot use the saved security keys to sign you in. It shows up most when launching Microsoft 365 apps like Outlook, Teams or OneDrive, and often after a motherboard or CPU swap. It is HRESULT 0x80090016, which means the keyset does not exist. The fastest fix is to run the Microsoft 365 sign-in troubleshooter, clear the stale Office entries in Credential Manager, then rename the Azure AD broker cache folder and sign in again. It is almost always a credential or key mismatch, not failing hardware.

What this error means

Error 80090016 is an authentication failure, not a dead PC. The Trusted Platform Module (TPM) is a chip that stores the cryptographic keys Windows and Office use to prove who you are. When the saved keys no longer match what the TPM holds, sign-in fails with this code. Its HRESULT value is 0x80090016, the keyset does not exist. The message reads, something went wrong, your computer’s Trusted Platform Module has malfunctioned, error code 80090016.

It appears most when you open a Microsoft 365 app such as Outlook, Teams, OneDrive, Word or Excel, and it can also block a Windows Hello PIN. A frequent trigger is a motherboard or CPU swap, since the new TPM no longer matches the tokens the old one created. It is almost always fixable by clearing the stale credentials, without replacing any hardware.

Common causes

Stale or corrupt Office sign-in credentials cached in Windows Credential Manager.
A damaged Azure AD broker cache or NGC (Windows Hello) folder.
A motherboard, CPU or TPM change, so the new chip does not match the old tokens.
An outdated or glitchy TPM 2.0 driver.
The TPM was cleared, reset or disabled in the BIOS.
A corrupt Windows user profile.
Organisation policy or an Entra ID sync problem on a managed device.
Expert insight

“Nine times out of ten 80090016 is not a broken chip, it is a stale key. The PC kept old Office tokens that no longer match the TPM, usually after a motherboard or CPU change. I clear the Office entries in Credential Manager, rename the Azure AD broker folder, then sign in fresh and it comes back. I only clear the TPM as a last resort, and never before checking the BitLocker recovery key is saved.”

Neeraj Singh
Manager, Tech Support & Operations · 19+ years fixing Windows and system errors

How to fix it

Method 1Run the Microsoft 365 sign-in troubleshooter
1Download the Microsoft Support and Recovery Assistant from Microsoft, or open the Microsoft 365 sign-in troubleshooter.
2Run it and choose the option for Office or Microsoft 365 sign-in problems.
3Let it apply any fixes, then restart and open the app again.
Method 2Remove stale Office credentials
1Search Credential Manager, open it, then click Windows Credentials.
2Under Generic Credentials, expand and Remove every entry that starts with MicrosoftOffice16 or MicrosoftAccount. Remove them one at a time.
3Close Credential Manager, reboot, then sign in to the app again.
Method 3Rename the Azure AD broker cache
1Sign in with an administrator account and make sure the affected user is signed out. You need admin rights to rename this folder.
2
Open File Explorer and go to this path:
%LOCALAPPDATA%\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
3Rename the folder to add .old on the end. Sign back in as the affected user and open the app, Windows rebuilds the folder.
Method 4Update the TPM 2.0 driver
1Press Win + R, type devmgmt.msc and press Enter.
2Expand Security devices, right-click Trusted Platform Module 2.0 and choose Update driver, then Search automatically.
3Reboot and try again. While you are here, check Windows Update for a firmware or TPM update.
Method 5Remove and re-add your work or school account
1Go to Settings → Accounts → Access work or school.
2Select your organisation account, click Disconnect and confirm.
3Restart, add it back with Connect and sign in, then re-open the Office app.
Method 6Office identity registry fix (advanced)
1
Press Win + R, type regedit and go to this key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Identity
2Create a DWORD (32-bit) value named EnableADAL and set it to 1. The 16.0 part may differ by Office version.
3Reboot, then open Outlook or Teams. Back up the key first if you are unsure.
Method 7Reset your Windows Hello PIN
1If the error blocks a PIN, go to Settings → Accounts → Sign-in options → PIN (Windows Hello).
2Click I forgot my PIN and follow the prompts to set a new one.
3If that fails, sign in with your password, remove the PIN, reboot and add it again.
Method 8Clear the TPM (last resort)
1Clearing the TPM can lock a BitLocker drive, so first confirm your BitLocker recovery key is saved to your Microsoft account. This step erases TPM-stored keys.
2Open Windows Security → Device security → Security processor details → Security processor troubleshooting.
3Click Clear TPM and restart. Windows rebuilds the keys and you sign in fresh.

After a motherboard or CPU swap? The new TPM no longer matches the tokens Office saved, which is the classic cause of 80090016. Work through Methods 2 and 3 (clear credentials, rename the broker folder) and re-activate Office. You do not need to revert the hardware.

Frequently asked questions

What does error 80090016 mean?
It means your Trusted Platform Module has malfunctioned, so Windows cannot use the saved keys to sign you in. It is HRESULT 0x80090016, the keyset does not exist, and it usually blocks Microsoft 365 apps like Outlook and Teams.
How do I fix 80090016 quickly?
Run the Microsoft 365 sign-in troubleshooter, remove the MicrosoftOffice16 entries in Credential Manager, then rename the Azure AD broker cache folder and sign in again.
Why did 80090016 start after a new motherboard or CPU?
The new TPM does not match the security tokens your old chip created, so Office authentication fails. Clearing the cached credentials and the broker folder rebuilds them.
Does clearing the TPM delete my files?
No, but it erases TPM-stored keys and can lock a BitLocker drive. Confirm your BitLocker recovery key is saved before you clear the TPM.
Is 80090016 a hardware fault?
Usually not. It is almost always a stale credential or key mismatch. A genuine chip fault is rare and would show the TPM as missing in tpm.msc.
Can I fix 80090016 without an administrator?
The troubleshooter and Credential Manager work as a standard user, but renaming the broker folder, updating the driver and clearing the TPM need admin rights. On a managed work PC, contact IT.

Still not working?

If none of the methods above resolve it, the TPM may be failing or your work account may need to be re-issued by IT. Check the TPM status in tpm.msc, and on a managed device contact your administrator. You can also submit your error to us for a tailored fix.

Was this fix helpful? Thanks for your feedback!