How to Fix OneDrive Error 0x8004e4d6

Diagnostic Procedures

  1. Identify the meaning of OneDrive error 0x8004e4d6
  2. Reset OneDrive cache and database files
  3. Clear local identity token directories
  4. Verify organizational Conditional Access policies
  5. Update or reinstall the OneDrive desktop client

If you are encountering OneDrive Error Code 0x8004e4d6, you are facing an authentication token binding failure. This error prevents users from completing the sign-in flow on Microsoft OneDrive, often occurring on work or school devices. It signals that the system’s local authentication broker cannot supply a valid cryptographic signature to Microsoft’s cloud login endpoints.

This guide covers the causes of this error and details the steps required to resolve it on both Windows and macOS.


What Causes OneDrive Error 0x8004e4d6?

This login error is typically triggered by:

  1. Broken Microsoft Entra ID Broker Plugin: The Windows AAD.BrokerPlugin component, which handles single sign-on (SSO), is unregistered or corrupted.
  2. Conditional Access Blockage: Your organization has active security policies requiring hybrid Azure AD-joined devices, particular IP ranges, or MFA states that the local client fails to negotiate.
  3. Corrupted OAuth Cache: Stale credentials in the system directory prevent Microsoft’s sign-in wizard from initializing.
  4. Client Database Out of Sync: System clock skew or local database index issues cause the client to pass invalid security flags.
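
The following read-only triage script for Windows is an added example, not part of the original guide or any Microsoft tooling. It checks causes 1 to 3 before you pick a method; it does not check cause 4. It assumes the `dsregcmd /status` output fields `AzureAdJoined`, `DomainJoined` and `AzureAdPrt`; the helper name `Get-DsregState` is hypothetical.

```powershell
# Added example, not from the original guide. Read-only: it changes nothing.
# Run as the affected user in a normal (non-elevated) PowerShell window.

function Get-DsregState {
    # dsregcmd /status prints "Name : Value" lines; collect them in a hashtable.
    $state = @{}
    foreach ($line in (& dsregcmd.exe /status 2>$null)) {
        if ($line -match '^\s*(\w+)\s*:\s*(\S.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

$findings = New-Object System.Collections.Generic.List[string]

# Cause 1: is the broker plugin still registered for this user?
$broker = Get-AppxPackage -Name 'Microsoft.AAD.BrokerPlugin' -ErrorAction SilentlyContinue
if (-not $broker) {
    $findings.Add('AAD.BrokerPlugin is not registered for this user: see Windows Method 1.')
}

# Cause 2: join state and Primary Refresh Token (PRT) as reported by the device.
$ds = Get-DsregState
$hybrid = ($ds['AzureAdJoined'] -eq 'YES') -and ($ds['DomainJoined'] -eq 'YES')
if ($ds['AzureAdJoined'] -ne 'YES') {
    $findings.Add('Device is not Entra ID joined: a policy requiring a joined device would block sign-in.')
}
if ($ds['AzureAdPrt'] -ne 'YES') {
    $findings.Add('No Primary Refresh Token for this user: the broker has no token to present for SSO.')
}

# Cause 3: token caches named in Windows Method 2 (paths taken from this guide).
foreach ($name in 'OneAuth', 'IdentityCache') {
    $dir = Join-Path $env:LOCALAPPDATA "Microsoft\$name"
    if (Test-Path -LiteralPath $dir) {
        $age = (Get-Date) - (Get-Item -LiteralPath $dir).LastWriteTime
        $findings.Add(('{0} exists, last written {1:N0} days ago: Method 2 would clear it.' -f $name, $age.TotalDays))
    }
}

[pscustomobject]@{
    BrokerRegistered = [bool]$broker
    AzureAdJoined    = $ds['AzureAdJoined']
    DomainJoined     = $ds['DomainJoined']
    HybridJoined     = $hybrid
    AzureAdPrt       = $ds['AzureAdPrt']
    Findings         = $findings
} | Format-List
```

If the script reports a missing join or PRT, clearing caches alone is unlikely to help, and the Conditional Access check described later in this guide is the next step.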

Detailed Steps to Resolve Error 0x8004e4d6

Platform-Specific Steps for Windows Users

Method 1: Re-register the Azure Active Directory Broker Plugin

If the local single sign-on system component is corrupted, re-registering it via PowerShell resolves communication issues with Microsoft login servers.

  1. Right-click the Start menu and select Terminal (Admin) or PowerShell (Admin).
  2. Paste and run the following command to re-register the plugin:
    Add-AppxPackage -Register "C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AppxManifest.xml" -DisableDevelopmentMode -ForceApplicationShutdown
  3. Restart your computer and try logging in.

Method 2: Purge local identity tokens

Clear cached token directories to force OneDrive to establish a new authentication state.

  1. Open Command Prompt as Administrator.
  2. Run the following command block:
    taskkill /f /im onedrive.exe
    taskkill /f /im MicrosoftSharePointApp.exe
    rmdir /s /q "%localappdata%\Microsoft\OneAuth"
    rmdir /s /q "%localappdata%\Microsoft\IdentityCache"
  3. Relaunch OneDrive and enter your login details.

Method 3: Run the OneDrive client reset

Clear local app configurations that could be caching corrupt states:

    "%localappdata%\Microsoft\OneDrive\onedrive.exe" /reset

Platform-Specific Steps for macOS Users

Method 1: Delete Local Cache Folders

On macOS, purging the application containers resets Microsoft’s authentication broker.

  1. Open Terminal (located in /Applications/Utilities/).
  2. Run the following command block:
    killall OneDrive
    defaults delete com.microsoft.OneDrive-mac
    rm -rf ~/Library/Containers/com.microsoft.OneDrive-mac
    rm -rf ~/Library/Group\ Containers/UBF8T346G9.OneDriveStandaloneSuite
  3. Open OneDrive from the Applications folder.

Method 2: Purge Keychain Security Items

  1. Open Keychain Access (press Command + Space, type Keychain Access, and press Enter).
  2. Search for OneDrive in the search bar.
  3. Select and delete all entries containing OneDrive Cached Credential or OneDrive Standalone Credential.
  4. Relaunch OneDrive and authenticate.

Method 3: Verify Web Connection and Conditional Access Policies

  1. Open Safari or Chrome and go to portal.office.com.
  2. Sign in with your work or school account.
  3. If you see a warning indicating that your browser or device is not authorized under a Conditional Access Policy (e.g., “You can’t get there from here”), the error is server-side. You must contact your IT Administrator to authorize your computer’s MAC/IP address or join the device to the company MDM system.

Summary Checklist for Quick Reference

  • Re-registered the Microsoft.AAD.BrokerPlugin package on Windows using PowerShell.
  • Deleted the cached OneAuth and IdentityCache directories from the Local AppData folder.
  • Purged matching OneDrive keys from macOS Keychain Access.
  • Reset local configuration databases using the /reset terminal command.
  • Verified with the system administrator that no Conditional Access Policies block the device.