Forum Discussion

AndrewSAIF's avatar
AndrewSAIF
Iron Contributor
May 22, 2020

Adding multiple domains to RestrictSigninToPattern string

Hello,

 

I am using the RestrictSigninToPattern policy. I recently received a request to add an additional domain to the policy. 

 

The example on the policy description page only has a single entry: 

The most obvious thing to try from the example was to separate them with a comma, but this did not work.

 

I found this reddit post:

https://www.reddit.com/r/SCCM/comments/ew26fp/edge_chromium_gpo_restrictsignintopattern/ffzoe08/

 

It looks like it is looking for a regex. So if you want to add multiple entries, you can do:

 

^.*@domain1.com$|^.*@domain2.com$

 

Any way the syntax can be added to the documentation for this policy?

 

Thanks!

Andrew

5 Replies

Sort By
  • mcnaugha's avatar
    mcnaugha
    Copper Contributor
    Sep 01, 2022
    This seems to work for me:

    (?:.*@mydomain.com|.*@myschool.sch.uk|.*@other.org.uk|.*@hownowbrowncow.co.uk)
    • andrewmcn's avatar
      andrewmcn
      Copper Contributor
      Sep 05, 2022
      Just to add to this... I had to adapt this to incorporate support for the $ character in our admin usernames and also realised it's case sensitive by default. So, the format changed to this:

      (?i:[[:ascii:]]*@mydomain.com|.*@myschool.sch.uk|.*@other.org.uk|[[:ascii:]]*@mytenant.onmicrosoft.com)




      In case you didn't know, the "$" has special meaning in regex. So, if we use it then we need to cover it by some other means. So, I had to add in the [[:ascii:]] to get the $ character accepted. Then I realised it's also case sensitive by default. So, needed to add the little i after the ?
  • Johannes Goerlich's avatar
    Johannes Goerlich
    Copper Contributor
    Jun 17, 2020

    I'm wondering how this policy works atall. The description states "Determines which accounts can be set as browser primary accounts in Microsoft Edge (the account that is chosen during the Sync opt-in flow)". What happens now if you add your AAD domain as well as .*@hotmail.com?

    Which one would then be chosen during the Sync opt-in flow?

    It seems this does also not affect the profile which is preselected in profile manager under "Multiple profile preferences" as "Default profile for external links". At least that was the setting which i was tinking about when tring to understand the functionality.

     

  • re_bl's avatar
    re_bl
    Copper Contributor
    Jun 15, 2020

    AndrewSAIF  That is exactly what I am looking for. 

    @Microsoft can you confirm that this entry works also in the future? Why is this option not in the documentation as example? 

     

    Thanks!
    Reto

Resources