If you or your team suddenly couldn't sign into Remote Desktop, Azure Virtual Desktop (AVD), or Windows 365 Cloud PC sessions through the Windows App — getting an "Unable to Authenticate" message along with error code 0x80080005 immediately after clicking Connect, even with correct credentials — this was a real, fairly widespread issue, not something specific to your machine or account.
What caused it
The January 13, 2026 Windows cumulative update KB5074109 (affecting Windows 11 24H2 and 25H2, builds 26100.7623 and 26200.7623) included a security hardening change to the Credential UI (CredUI) broker — the system component responsible for handling the authentication prompt during sign-in. This change unintentionally broke the credential prompt flow specifically when connecting through the Windows App to Azure Virtual Desktop or Windows 365 Cloud PC environments. The connection would fail immediately, before a session could even establish, despite the credentials being entered correctly.
The issue affected the Windows App specifically — the standard web client (windows.cloud.microsoft) and the classic/legacy Remote Desktop client were not affected by this particular bug, which is why those were the recommended workarounds while a permanent fix was prepared.
The fix: install the out-of-band update
Microsoft confirmed this as a known issue and released an out-of-band (OOB) emergency patch just four days later, on January 17, 2026. The correct fix is simply to make sure your system has the follow-up patch installed:
- Windows 11 24H2/25H2: install KB5077744
- For other affected Windows versions, check Windows Update for the corresponding out-of-band patch released around the same date — Microsoft published matching packages across the affected builds.
To check what you currently have installed: go to Settings → Windows Update → Update history, and look for whether the January 17 out-of-band update is listed. If it's not there yet, running Windows Update manually (Settings → Windows Update → Check for updates) should surface it.
Important: the fix is to install the follow-up patch, not to uninstall KB5074109. While uninstalling the original update was floated as a temporary workaround by some early reports, KB5074109 also patched a number of security vulnerabilities, including an actively exploited zero-day. The out-of-band patch (KB5077744 or equivalent) fixes the authentication bug while keeping those security protections in place — which is the better outcome for both fixing the issue and not reopening a real security gap.
If you can't install the patch right away
If you're in an enterprise environment where patches need to go through testing or staged rollout before deployment, two workarounds existed in the meantime:
- Use the Windows App web client at windows.cloud.microsoft instead of the desktop Windows App — this wasn't affected by the bug.
- Use the classic/legacy Remote Desktop Connection client rather than the newer Windows App, which also wasn't affected.
For IT administrators managing larger fleets, Microsoft also made a Known Issue Rollback (KIR) available, which can be pushed via Group Policy to revert the specific problematic behavior without needing to uninstall the entire update on every device.