Forum Discussion
Secondary mailboxes and FSLogix Roam Identity
Hi,
Got a bit of a puzzler. We have a client who uses Outlook to access the main mailbox on the tenant, but they also have a secondary mailbox added to Outlook from a different tenant, so when they log in it authenticates to both, all good. The reason they have it set up this way is to do with signatures.
With existing FSLogix this works fine. We then upgraded them to the latest; this changes the authentication method and puts the token on Entra ID, and the secondary mailbox now wants the password every time, as it's on another tenant. Makes sense, so enabled Roam Identity to put back the status quo. However, this then pulls the machine out of Entra ID/Intune, and the recommendation is not to use Roam Identity if enrolled into Intune.
Has anyone else come across this, or is there any way forward/guidance? We have about 50+ users set up this way.
Thanks
1 Reply
Try this to address and fix your issue:
1. Use FSLogix Profile Containers Without Roam Identity
- Configure FSLogix to persist tokens via profile containers rather than Roam Identity.
- This avoids the registry-level roaming and keeps the device compliant with Intune.
- You may need to tweak registry settings or use Nerdio Manager to automate token persistence without enabling Roam Identity.
2. Enable Seamless SSO for Primary Tenant
- Microsoft recommends configuring Entra seamless single sign-on instead of roaming tokens.
- This won’t help with the secondary tenant directly, but it reduces friction for the primary account.
3. Use Outlook Web Access (OWA) for Secondary Mailbox
- If signatures are the only reason for using Outlook desktop, consider shifting secondary mailbox access to OWA.
- You can still apply signatures via transport rules or third-party tools.
4. Explore Third-Party Signature Management
- Tools like CodeTwo or Exclaimer can centralize signature management across tenants, potentially removing the need for dual Outlook profiles.
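
A check for the combination described in this thread, added here as an example and not part of either post: it reports whether FSLogix `RoamIdentity` is enabled on a host that `dsregcmd /status` shows as Entra joined. The function name `Test-RoamIdentityConflict` and the sample output lines are constructed for illustration; the registry value is read from the standard FSLogix Profiles key.

```powershell
# Added example. Flags a host where FSLogix RoamIdentity is enabled
# while the device reports itself as Entra joined.
function Test-RoamIdentityConflict {
    param(
        # Lines of `dsregcmd /status` output; defaults to the live command.
        [string[]]$DsregStatus = (dsregcmd.exe /status),
        # FSLogix Profiles configuration key.
        [string]$ProfilesKey = 'HKLM:\SOFTWARE\FSLogix\Profiles'
    )

    # RoamIdentity is absent or 0 by default; 1 turns on legacy token roaming.
    $roam = 0
    $prop = Get-ItemProperty -Path $ProfilesKey -Name 'RoamIdentity' -ErrorAction SilentlyContinue
    if ($null -ne $prop) { $roam = [int]$prop.RoamIdentity }

    # Turn "Name : Value" lines into a lookup table.
    $state = @{}
    foreach ($line in $DsregStatus) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*\S)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }

    $joined = $state['AzureAdJoined'] -eq 'YES'

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        RoamIdentity = $roam
        EntraJoined  = $joined
        DomainJoined = $state['DomainJoined'] -eq 'YES'
        PrtPresent   = $state['AzureAdPrt'] -eq 'YES'
        # The combination the thread warns about.
        Conflict     = ($roam -eq 1) -and $joined
    }
}

# Constructed sample of dsregcmd output, so the parsing can be tried offline.
$sample = @(
    '        AzureAdJoined : YES',
    '         DomainJoined : NO',
    '           AzureAdPrt : NO'
)
Test-RoamIdentityConflict -DsregStatus $sample
```

Run without `-DsregStatus` on a session host to evaluate the live device state.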