Adding multiple domains to RestrictSigninToPattern string

Iron Contributor



I am using the RestrictSigninToPattern policy. I recently received a request to add an additional domain to the policy. 


The example on the policy description page only has a single entry: 


The most obvious thing to try from the example was to separate them with a comma, but this did not work.


I found this reddit post:


It looks like it is looking for a regex. So if you want to add multiple entries, you can do:




Any way the syntax can be added to the documentation for this policy?




5 Replies

@AndrewSAIF  That is exactly what I am looking for. 

@Microsoft can you confirm that this entry works also in the future? Why is this option not in the documentation as example? 



I'm wondering how this policy works atall. The description states "Determines which accounts can be set as browser primary accounts in Microsoft Edge (the account that is chosen during the Sync opt-in flow)". What happens now if you add your AAD domain as well as .*

Which one would then be chosen during the Sync opt-in flow?

It seems this does also not affect the profile which is preselected in profile manager under "Multiple profile preferences" as "Default profile for external links". At least that was the setting which i was tinking about when tring to understand the functionality.


can anyone give additional insights on that?

This seems to work for me:

Just to add to this... I had to adapt this to incorporate support for the $ character in our admin usernames and also realised it's case sensitive by default. So, the format changed to this:


In case you didn't know, the "$" has special meaning in regex. So, if we use it then we need to cover it by some other means. So, I had to add in the [[:ascii:]] to get the $ character accepted. Then I realised it's also case sensitive by default. So, needed to add the little i after the ?