I am using the RestrictSigninToPattern policy. If a user attempts to create a new browser profile using a domain that is not on the allow list, there is no way to remove this failed profile using the browser UI. It looks like the menu to edit or remove the profile only appears on the active profile:
If you click Switch, it brings up the sign-in prompt and does not switch the active profile, so the menu never appears to delete it.
I am able to work around this issue by deleting the corresponding user data folder and the localstate file in %localappdata%\Microsoft\Edge\User Data, but it would be nice if this were possible in the UI so it isn't an automatic support call when someone tries to sign into the wrong account.