Questions on controlling SKIP UPN behavior on office apps such as Teams.

%3CLINGO-SUB%20id%3D%22lingo-sub-2842546%22%20slang%3D%22en-US%22%3EQuestions%20on%20controlling%20SKIP%20UPN%20behavior%20on%20office%20apps%20such%20as%20Teams.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2842546%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EHi%20Community%2C%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3ECustomer%20has%20%26nbsp%3Bbelow%20user%20flow%2Fsetup%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3COL%3E%3CLI%3E%3CSPAN%3EUser%20signs%20in%20to%20physical%2Fvirtual%20device%20which%20is%20domain%20joined%20to%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Eedu.lcl.%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3BTheir%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Eedu.lcl%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3Bidentity%20is%20synced%20to%20an%20Azure%20AD%20Tenant%20via%20AD%20Connect%20(%3C%2FSPAN%3E%3CSPAN%3EABC.com%3C%2FSPAN%3E%3CSPAN%3E).%3C%2FSPAN%3E%3C%2FLI%3E%3CLI%3E%3CSPAN%3EOffice%2C%20Teams%2C%20OneDrive%20then%20tries%20to%20SSO%20in%20to%20apps%20using%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22mailto%3Ausername%40ABC.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%3Eusername%40ABC.com%3C%2FSPAN%3E%3C%2FA%3E%3C%2FLI%3E%3CLI%3E%3CSPAN%3EThe%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3EABC.com%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Eaccount%20is%20not%20licensed%20for%20Office%20services%2C%20they%20need%20to%20use%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22mailto%3Ausername%40XYZ.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%3Eusername%40XYZ.com%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%E2%80%93%20The%20customer%20has%20no%20control%20over%20the%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3EXYZ.com%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3Btenant%2C%20its%20there%20for%20licensing%20purposes.%3C%2FSPAN%3E%3C%2FLI%3E%3CLI%3E%3CSPAN%3EWe%20need%20a%20solution%20that%20allows%20the%20users%20to%20SSO%20into%20apps%20using%20%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22mailto%3Ausername%40XYZ.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%3Eusername%40XYZ.com%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%3E%26nbsp%3Bevery%20time.%20If%20this%20is%20not%20possible%20we%20need%20to%20mask%20hide%20and%20stop%20login%20prompts%20to%20office%20services%20for%20the%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3EABC.com%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3Bdomain%3C%2FSPAN%3E%3C%2FLI%3E%3C%2FOL%3E%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EExample%20for%20OneDrive%20on%20each%20login%2C%20how%20do%20we%20get%20it%20to%20remember%20%40%3C%2FSPAN%3E%3CSPAN%3EXYZ.com%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3Bcredentials%3F%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22SBV_0-1634140183037.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F317085i96F92B6D459466ED%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22SBV_0-1634140183037.png%22%20alt%3D%22SBV_0-1634140183037.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ETeams%20is%20prepopulated%20as%20below%20(%3C%2FSPAN%3E%3CA%20href%3D%22mailto%3AUser%40ABC.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%3EUser%40ABC.com)%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22SBV_1-1634140183041.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F317086i8612D6859DD68C03%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22SBV_1-1634140183041.png%22%20alt%3D%22SBV_1-1634140183041.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ENote%3A%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EThere%20are%20registry%20keys%20to%20control%20a%20lot%20of%20these%20settings%20but%20its%20unclear%20to%20customer%20that%20what%20the%20optimal%20setup%20with%20dual%20identities%20setup%20in%20this%20way.%20The%20SkipUpnPrefill%20option%20mentioned%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.microsoft.com%252Fen-us%252Fmicrosoftteams%252Fsign-in-teams%2523how-modern-authentication-works%26amp%3Bdata%3D04%257C01%257Cbalgan%2540microsoft.com%257C5a18f37f2bf64f748df908d9881a2689%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C637690468210124979%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C1000%26amp%3Bsdata%3DbM6VBK99T4TI5f%252BZ04TQcwNY%252B466uz36%252Bn9Ww38lQHU%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%3Ehere%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%3E%26nbsp%3Bseems%20temperamental%20for%20example.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EAny%20guidance%20would%20be%20of%20great%20help!%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2842546%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Active%20Directory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20DNS%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%20And%20Compliance%20Center%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Frequent Contributor

Hi Community,

 

Customer has  below user flow/setup

 

  1. User signs in to physical/virtual device which is domain joined to edu.lcl. Their edu.lcl identity is synced to an Azure AD Tenant via AD Connect (ABC.com).
  2. Office, Teams, OneDrive then tries to SSO in to apps using username@ABC.com
  3. The ABC.com account is not licensed for Office services, they need to use username@XYZ.com – The customer has no control over the XYZ.com tenant, its there for licensing purposes.
  4. We need a solution that allows the users to SSO into apps using  username@XYZ.com every time. If this is not possible we need to mask hide and stop login prompts to office services for the ABC.com domain

 

Example for OneDrive on each login, how do we get it to remember @XYZ.com credentials? 

 

SBV_0-1634140183037.png

 

Teams is prepopulated as below (User@ABC.com) 

 

SBV_1-1634140183041.png

 

Note: 

There are registry keys to control a lot of these settings but its unclear to customer that what the optimal setup with dual identities setup in this way. The SkipUpnPrefill option mentioned here seems temperamental for example.

 

Any guidance would be of great help!

0 Replies