Update 4/23/2024: We have now released April 2024 Hotfix Updates which address known issues in March 2024 SU updates.
Microsoft has released Security Updates (SUs) for vulnerabilities found in:
...
Updated Apr 23, 2024
Version 8.0
Blog Post
>Everybody, who have UPN and e-mail different and have outlook mobile authentication issues (For example: god@microsoft.local - AD domain UPN and email: email address removed for privacy reasons)
>1. Just Add Alternative UPN suffix in Active Directory Domain and Trust snap-in.
Right-click on the TOP where it says Active Directory Domains and Trusts in that MMC window, NOT on the domain name itself, and select Properties. This is a very non-obvious place for this.
>2. After that change user logon name and domain suffix in Exchange admin center.
You don't need to change the user login name and domain suffix in Exchange admin you can change it in Active Directory Users and Computers as well. You do need to change it. But it can be changed several places such as in RSAT as well. Some sites don't allow certain admins access to the ECP but user account properties are OK.
>You must ensure that Outlook users have an AD UPN that matches their email exactly.
You ALSO must leave the Domain field in Outlook Mobile blank, and of course you must wait for the thing to fail on the initial account add so that you get put to the additional options/expert options etc. page in the app.
Basically, you use the email address for the login ID field instead of the account name. This breaks autodiscover.xml of course.
Note that this MAY break other clients like the Google client although it did not appear to break mine.
Nice hack kzuata and kudos for grasping what is wrong as the Microsoft engineers seem completely clueless and you are outside of their bubble.
How much do you want to bet that the Exchange group and Mobile group end up saying this is the fix. Sigh.