Microsoft's March 2026 security update broke sign-in to Microsoft accounts in apps like Teams, OneDrive, Word, PowerPoint, Excel and Copilot. After installing the KB5079473 update, users encountered an error message indicating no internet connection, even when devices had a working connection. The scope was substantial but not universal: businesses using Entra ID (previously known as Azure Active Directory) for application authentication were not affected.
Microsoft announced the issue March 20 via its Windows Release Health dashboard, weeks after the patch had already rolled out automatically. The out-of-band update, released this weekend, includes everything in the March 10 Windows security update, as well as a fix for the Microsoft account issue. The timing underscores a broader pattern: this is the third out-of-band update Microsoft has shipped for Windows 11 25H2 and 24H2 in March 2026 alone.
The incident arrives with awkward timing for Microsoft's leadership. Just days earlier, Windows boss Pavan Davuluri stated that 'reliability is the bedrock of trust' and promised to focus on improving baseline reliability across the operating system, including updates and drivers. His announcement marked a significant shift in Microsoft's development philosophy, moving away from major feature integration and toward polishing the core foundation of the operating system.
The tension between that pledge and this outcome raises legitimate questions about quality assurance processes. The March cumulative update addressed 84 vulnerabilities across Windows and related products, a genuinely important security function. Yet the cycle of patch, break, and patch again leaves users who depend on timely security patches to choose between app breakage and exposure to vulnerabilities. This is not a choice users should face with routine monthly patches.
For affected Windows users, workarounds existed while awaiting the emergency fix. According to Microsoft, the issue occurred when the device entered a specific network connectivity state and might resolve on its own; a restart also helped, provided the device was online. But relying on device restarts and continuous internet connectivity is far from an ideal support experience for software that handles critical productivity work.
Microsoft authentication systems have a history of similar failures, with MFA disruptions affecting Microsoft 365 users in January 2025 similarly locking users out of their accounts. The breaking point came in January 2026 when the first Windows 11 update of that year turned into a disaster with shutdown failures, followed by emergency patches for OneDrive and Dropbox crashes, and confirmation that business PCs were failing to boot. That context makes Davuluri's recent promises sound more aspirational than grounded in demonstrated execution.
The question now is whether Microsoft's stated commitment to reliability will translate into structural changes to how updates are tested before release, or whether the company's need to patch security vulnerabilities quickly will continue to outpace its ability to validate the side effects of those patches. The first wave of quality improvements is scheduled to roll out to Windows Insiders throughout March and April 2026, with deeper architectural changes expected over the course of the year. Users watching this pattern unfold will reasonably ask whether the company has genuinely addressed its testing pipeline, or simply committed to treating the symptoms faster.