I'm the sole admin at a small non-profit collaborating with a larger organization. We're transitioning to a new local domain that is Entra joined, which is necessary for the cybersecurity compliance features from the larger org. My users typically log in through ad.myorg.com, but we all receive free O365 accounts with the larger organization (largeorg.com). I don't have admin access to anything on largeorg.com. Usually, this setup works fine, although I occasionally need to remind users to log in with their largeorg.com credentials instead (which requires signing out and back in). Recently, I've noticed more issues with users continuously trying to log in using their ad.myorg.com accounts, especially with the new domain. The larger organization offered to add us as tenants in their AD, but this isn't an option our Director is considering. Is there anyone else with a similar configuration? What solutions am I missing? Thanks for your help!
3 Answers
It sounds like your problem is because the User Principal Names (UPNs) for your users don't match those in Entra. Try adding a UPN suffix to your AD domain to sync with theirs; that should ease the login issues you're facing.
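The check behind that answer, as an added example rather than code from anyone in this thread: it audits on-prem UPN suffixes against the suffix the tenant expects, registers the suffix on the forest if missing, and only rewrites UPNs when run with -Apply. It assumes the ActiveDirectory RSAT module is present and uses "largeorg.com" as a placeholder for the tenant's verified domain.

```powershell
# Added example (not from the original thread). Reports users whose UPN
# suffix differs from the tenant suffix; with -Apply, registers the suffix
# on the forest and rewrites the mismatched UPNs. Placeholder suffix below.
param(
    [string]$TargetSuffix = 'largeorg.com',   # suffix Entra expects (assumption)
    [switch]$Apply                            # without -Apply: report only
)
Import-Module ActiveDirectory

# 1. The suffix must be registered at the forest level first; otherwise
#    Set-ADUser -UserPrincipalName with that suffix is rejected.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $TargetSuffix) {
    Write-Host "UPN suffix '$TargetSuffix' is not registered on forest $($forest.Name)"
    if ($Apply) {
        Set-ADForest -Identity $forest.Name -UPNSuffixes @{Add = $TargetSuffix}
    }
}

# 2. Enabled users whose UPN suffix does not match the tenant suffix.
$mismatched = Get-ADUser -Filter { Enabled -eq $true } -Properties UserPrincipalName |
    Where-Object {
        $_.UserPrincipalName -and ($_.UserPrincipalName.Split('@')[1] -ne $TargetSuffix)
    }

$mismatched | Select-Object SamAccountName, UserPrincipalName | Format-Table -AutoSize

# 3. Rewrite only the suffix; the prefix, sAMAccountName and DOMAIN\user
#    workstation logon are unchanged. Users who sign in with the UPN form
#    will need to type the new suffix afterwards.
if ($Apply) {
    foreach ($u in $mismatched) {
        $newUpn = '{0}@{1}' -f $u.UserPrincipalName.Split('@')[0], $TargetSuffix
        Set-ADUser -Identity $u -UserPrincipalName $newUpn
    }
}
```

Run it without -Apply first to see which accounts would change; the report step is safe to run repeatedly.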
Microsoft has a new solution in preview that might help with your situation. It's aimed at enhancing email sign-in for O365, and you might find it useful. Check out their guide for more info!
Have you considered asking the parent organization to include you in their AAD Connect relationship? It could give you a solid source of truth for your users’ identities and potentially allow for password write-back. I know it might complicate some functions, but it’s worth exploring if it could simplify things for you.
If I set up [email protected] as a Proxy Address, won't it still default to logging in with the myorg.com account? I need them to use their largeorg.com accounts specifically for O365 while keeping their myorg.com for workstations.