Adding multiple domains to RestrictSigninToPattern string

%3CLINGO-SUB%20id%3D%22lingo-sub-1412242%22%20slang%3D%22en-US%22%3EAdding%20multiple%20domains%20to%20RestrictSigninToPattern%20string%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1412242%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20using%20the%20RestrictSigninToPattern%20policy.%20I%20recently%20received%20a%20request%20to%20add%20an%20additional%20domain%20to%20the%20policy.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20example%20on%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2FDeployEdge%2Fmicrosoft-edge-policies%23restrictsignintopattern%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Epolicy%20description%20page%3C%2FA%3E%20only%20has%20a%20single%20entry%3A%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AndrewSAIF_0-1590168398232.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F193961iC0D4FB3CCC8A24A6%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22AndrewSAIF_0-1590168398232.png%22%20alt%3D%22AndrewSAIF_0-1590168398232.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EThe%20most%20obvious%20thing%20to%20try%20from%20the%20example%20was%20to%20separate%20them%20with%20a%20comma%2C%20but%20this%20did%20not%20work.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20found%20this%20reddit%20post%3A%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3Ehttps%3A%2F%2Fwww.reddit.com%2Fr%2FSCCM%2Fcomments%2Few26fp%2Fedge_chromium_gpo_restrictsignintopattern%2Fffzoe08%2F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20looks%20like%20it%20is%20looking%20for%20a%20regex.%20So%20if%20you%20want%20to%20add%20multiple%20entries%2C%20you%20can%20do%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3E%5E.*%40domain1.com%24%7C%5E.*%40domain2.com%3C%2FSTRONG%3E%3CSTRONG%3E%24%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20way%20the%20syntax%20can%20be%20added%20to%20the%20documentation%20for%20this%20policy%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3CP%3EAndrew%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1463114%22%20slang%3D%22en-US%22%3ERe%3A%20Adding%20multiple%20domains%20to%20RestrictSigninToPattern%20string%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1463114%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F458117%22%20target%3D%22_blank%22%3E%40AndrewSAIF%3C%2FA%3E%26nbsp%3B%20That%20is%20exactly%20what%20I%20am%20looking%20for.%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F41501%22%20target%3D%22_blank%22%3E%40microsoft%3C%2FA%3E%26nbsp%3Bcan%20you%20confirm%20that%20this%20entry%20works%20also%20in%20the%20future%3F%20Why%20is%20this%20option%20not%20in%20the%20documentation%20as%20example%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%3CBR%20%2F%3EReto%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1469795%22%20slang%3D%22en-US%22%3ERe%3A%20Adding%20multiple%20domains%20to%20RestrictSigninToPattern%20string%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1469795%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20wondering%20how%20this%20policy%20works%20atall.%20The%20description%20states%20%22Determines%20which%20accounts%20can%20be%20set%20as%20browser%20primary%20accounts%20in%20Microsoft%20Edge%20(the%20account%20that%20is%20chosen%20during%20the%20Sync%20opt-in%20flow)%22.%20What%20happens%20now%20if%20you%20add%20your%20AAD%20domain%20as%20well%20as%20.*%40hotmail.com%3F%3C%2FP%3E%3CP%3EWhich%20one%20would%20then%20be%20chosen%20during%20the%20Sync%20opt-in%20flow%3F%3C%2FP%3E%3CP%3EIt%20seems%20this%20does%20also%20not%20affect%20the%20profile%20which%20is%20preselected%20in%20profile%20manager%20under%20%22Multiple%20profile%20preferences%22%20as%20%22Default%20profile%20for%20external%20links%22.%20At%20least%20that%20was%20the%20setting%20which%20i%20was%20tinking%20about%20when%20tring%20to%20understand%20the%20functionality.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1508082%22%20slang%3D%22en-US%22%3ERe%3A%20Adding%20multiple%20domains%20to%20RestrictSigninToPattern%20string%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1508082%22%20slang%3D%22en-US%22%3E%3CP%3Ecan%20anyone%20give%20additional%20insights%20on%20that%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

Hello,

 

I am using the RestrictSigninToPattern policy. I recently received a request to add an additional domain to the policy. 

 

The example on the policy description page only has a single entry: 

AndrewSAIF_0-1590168398232.png

The most obvious thing to try from the example was to separate them with a comma, but this did not work.

 

I found this reddit post:

https://www.reddit.com/r/SCCM/comments/ew26fp/edge_chromium_gpo_restrictsignintopattern/ffzoe08/

 

It looks like it is looking for a regex. So if you want to add multiple entries, you can do:

 

^.*@domain1.com$|^.*@domain2.com$

 

Any way the syntax can be added to the documentation for this policy?

 

Thanks!

Andrew

3 Replies
Highlighted

@AndrewSAIF  That is exactly what I am looking for. 

@Microsoft can you confirm that this entry works also in the future? Why is this option not in the documentation as example? 

 

Thanks!
Reto

Highlighted

I'm wondering how this policy works atall. The description states "Determines which accounts can be set as browser primary accounts in Microsoft Edge (the account that is chosen during the Sync opt-in flow)". What happens now if you add your AAD domain as well as .*@hotmail.com?

Which one would then be chosen during the Sync opt-in flow?

It seems this does also not affect the profile which is preselected in profile manager under "Multiple profile preferences" as "Default profile for external links". At least that was the setting which i was tinking about when tring to understand the functionality.

 

Highlighted

can anyone give additional insights on that?