Is it possible to disallow proxyAddress as Sign-In Identifier?
As part of a revised naming scheme for user accounts we’re planning to roll out, I’d like to disallow Exchange Online email addresses and proxyAddresses from being used instead of the User Principal Name as an alternative identifier when users sign in to their accounts. This is supposed to strengthen security as users don’t share one of the authentication factors with every email they send and the user names can’t be easily guessed because they don’t use the actual first or last name of the user behind them.
This is the only Microsoft Learn article I found that was describing something similar:
Basically I want to do the opposite of what the article is describing and I’m not synching my users using Microsoft Entra Connect. I disabled the “Email as alternate login ID” option described in the article anyways but unsurprisingly, that didn’t have the desired effect.
Does anyone know if this is even possible and if so, how to do it?
Thanks in advance!
This is my first post in this community. If I did something wrong (like choosing the wrong label) please be kind, tell me, and I’m going to adapt my post.
As part of a revised naming scheme for user accounts we’re planning to roll out, I’d like to disallow Exchange Online email addresses and proxyAddresses from being used instead of the User Principal Name as an alternative identifier when users sign in to their accounts. This is supposed to strengthen security as users don’t share one of the authentication factors with every email they send and the user names can’t be easily guessed because they don’t use the actual first or last name of the user behind them.This is the only Microsoft Learn article I found that was describing something similar:https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-use-email-signin Basically I want to do the opposite of what the article is describing and I’m not synching my users using Microsoft Entra Connect. I disabled the “Email as alternate login ID” option described in the article anyways but unsurprisingly, that didn’t have the desired effect. Does anyone know if this is even possible and if so, how to do it? Thanks in advance! This is my first post in this community. If I did something wrong (like choosing the wrong label) please be kind, tell me, and I’m going to adapt my post. Read More
