Removing Persistent Microsoft Teams Accounts on macOS

Hi everyone,

Context

I’ve encountered several machines where multiple Teams accounts (professional, personal, etc.) were registered, and removing them from the system proved to be quite difficult.

I looked into various solutions, but many of the recommended methods didn’t work in my case. Every time I opened Microsoft Teams, the accounts would reappear.

Here are some of the resources I consulted:

•     https://support.microsoft.com/en-us/office/sign-out-or-remove-an-account-from-microsoft-teams-a6d76e69-e1dd-4bc4-8e5f-04ba48384487
•     https://learn.microsoft.com/en-us/answers/questions/2202933/how-do-i-delete-an-old-teams-account-on-mac
•     etc.

What actually worked for me

I manually removed the following items from Keychain Access:

•     OneAuthAccount
•     login.windows.net
•     authority_map

Another effective solution was using a script that I adapted to fit my needs.

Hopefully, this can help someone.

#!/bin/zsh

# Original by PAUL BOWDEN - Completely remove Microsoft Office
# Change to remove credentials only - keeps Microsoft Office license

echo "Effacement des credentials uniquement"

GetLoggedInUser() {
	LOGGEDIN=$(/bin/echo "show State:/Users/ConsoleUser" | /usr/sbin/scutil | /usr/bin/awk '/Name :/&&!/loginwindow/{print $3}')
	if [ "$LOGGEDIN" = "" ]; then
		echo "$USER"
	else
		echo "$LOGGEDIN"
	fi
}

SetHomeFolder() {
	HOME=$(dscl . read /Users/"$1" NFSHomeDirectory | cut -d ':' -f2 | cut -d ' ' -f2)
	if [ "$HOME" = "" ]; then
		if [ -d "/Users/$1" ]; then
			HOME="/Users/$1"
		else
			HOME=$(eval echo "~$1")
		fi
	fi
}

## Main
LoggedInUser=$(GetLoggedInUser)
SetHomeFolder "$LoggedInUser"
echo "Office-Reset: Utilisateur: $LoggedInUser; Home: $HOME"

echo "Quitter toutes les applications"
/usr/bin/pkill -HUP 'Microsoft Word'
/usr/bin/pkill -HUP 'Microsoft Excel'
/usr/bin/pkill -HUP 'Microsoft PowerPoint'
/usr/bin/pkill -HUP 'Microsoft Outlook'
/usr/bin/pkill -HUP 'Microsoft OneNote'
/usr/bin/pkill -f 'Microsoft Teams'

# Fonctions de vérification des entrées keychain
FindEntryOpenTech() {
	/usr/bin/security find-generic-password -G 'MSOpenTech.ADAL.1' 2>/dev/null 1>/dev/null
	echo $?
}
FindEntryOfficeData() {
	/usr/bin/security find-generic-password -G 'Microsoft Office Data' 2>/dev/null 1>/dev/null
	echo $?
}
FindEntryHelpShift() {
	/usr/bin/security find-generic-password -l 'com.helpshift.data_com.microsoft.Outlook' 2>/dev/null 1>/dev/null
	echo $?
}
FindEntryRMSCredential() {
	/usr/bin/security find-generic-password -l 'MicrosoftOfficeRMSCredential' 2>/dev/null 1>/dev/null
	echo $?
}
FindEntryExchange() {
	/usr/bin/security find-generic-password -l 'Exchange' 2>/dev/null 1>/dev/null
	echo $?
}
FindEntryTeamsIdentity() {
	/usr/bin/security find-generic-password -l 'Microsoft Teams Identities Cache' 2>/dev/null 1>/dev/null
	echo $?
}

# Suppression des entrées Keychain (avec boucles pour multiples entrées)
echo "Suppression des entrées keychain..."
/usr/bin/security delete-generic-password -s 'OneAuthAccount' 2>/dev/null
/usr/bin/security delete-internet-password -s 'msoCredentialSchemeADAL' 2>/dev/null
/usr/bin/security delete-internet-password -s 'msoCredentialSchemeLiveId' 2>/dev/null

while [[ $(FindEntryOpenTech) -eq 0 ]]; do
	/usr/bin/security delete-generic-password -G 'MSOpenTech.ADAL.1' 2>/dev/null
done

while [[ $(FindEntryOfficeData) -eq 0 ]]; do
	/usr/bin/security delete-generic-password -G 'Microsoft Office Data' 2>/dev/null
done

/usr/bin/security delete-generic-password -l 'Microsoft Office Identities Cache 2' 2>/dev/null
/usr/bin/security delete-generic-password -l 'Microsoft Office Identities Cache 3' 2>/dev/null
/usr/bin/security delete-generic-password -l 'Microsoft Office Ticket Cache' 2>/dev/null
/usr/bin/security delete-generic-password -l 'com.microsoft.adalcache' 2>/dev/null
/usr/bin/security delete-generic-password -l 'com.microsoft.OutlookCore.Secret' 2>/dev/null

while [[ $(FindEntryHelpShift) -eq 0 ]]; do
	/usr/bin/security delete-generic-password -l 'com.helpshift.data_com.microsoft.Outlook' 2>/dev/null
done

while [[ $(FindEntryRMSCredential) -eq 0 ]]; do
	/usr/bin/security delete-generic-password -l 'MicrosoftOfficeRMSCredential' 2>/dev/null
done

while [[ $(FindEntryExchange) -eq 0 ]]; do
	/usr/bin/security delete-generic-password -l 'Exchange' 2>/dev/null
done

# Teams credentials (avec boucle)
while [[ $(FindEntryTeamsIdentity) -eq 0 ]]; do
	/usr/bin/sudo -u $LoggedInUser /usr/bin/security delete-generic-password -l 'Microsoft Teams Identities Cache' 2>/dev/null
done
/usr/bin/sudo -u $LoggedInUser /usr/bin/security delete-generic-password -l 'Teams Safe Storage' 2>/dev/null

# OneDrive credentials
/usr/bin/security delete-generic-password -l 'OneDrive Standalone Cached Credential' 2>/dev/null
/usr/bin/security delete-generic-password -s 'com.microsoft.onedrive.cookies' 2>/dev/null

# Suppression des fichiers de credentials (préservation des licences)
echo "Suppression des fichiers de credentials (licences préservées)..."
/bin/rm -rf "$HOME/Library/Group Containers/UBF8T346G9.com.microsoft.oneauth" 2>/dev/null
/bin/rm -rf "$HOME/Library/Containers/com.microsoft.RMS-XPCService" 2>/dev/null

# Nettoyage base de données keychain
KEYCHAIN_2_PATH=$(find "$HOME/Library/Keychains" -name "keychain-2.db" 2>/dev/null | head -n1)
if [ -n "$KEYCHAIN_2_PATH" ]; then
	/usr/bin/sqlite3 "$KEYCHAIN_2_PATH" "DELETE FROM genp WHERE agrp='UBF8T346G9.com.microsoft.identity.universalstorage';" 2>/dev/null
fi

/bin/rm -f "$HOME/Library/Keychains/Microsoft_Entity_Certificates-db" 2>/dev/null

echo "Effacement des credentials terminé"
exit 0