user has same email for work and personal outlook
Posted by Kindly-Wedding6417@reddit | sysadmin
Hello,
We have a user whose email always shows up as 'External' in Outlook. I decided to get his email and try to sign in via login.live and it asked for the password... I'd assume this was done before MS stopped.
What can I do as an admin to make sure this stops so they only have a work account with that email? Simply tell that person to delete their personal account?
If that's the only real solution, what can they do if they forgot the PW and don't have access to reset?
RAMSxAI@reddit
I do not understand the issue, why are you using live login with a work email?
Live is personal, Outlook is work. If your tenant is set up correctly you cannot log in to live with an exchange email.
More information might help.
Kindly-Wedding6417@reddit (OP)
User A = person I am concerned about.
Whenever I email User A, his email shows up as an external user. That is odd because he has always been an internal user. My first check in troubleshooting this was to see if somehow his email really is external.
I went to login.live to see if his account will say 'not a personal account' (I don't know why this was my first choice, but it was), and sure enough, the username went through and started asking for a password. This confuses me because we have a custom domain for our business, so you shouldn't be able to use that domain, let alone the exact username+domain for a personal account, but it happened.
My first problem: user showed up as external user
My new huge problem: his account can be seen as a personal account even though he has zero recollection of ever doing so (nor did he even think it was possible)
RAMSxAI@reddit
Sounds like you need to make sure your domain is verified and, if so, open a support ticket with MS. If not, verify your domain and it should have steps to resolve conflicts.
Kindly-Wedding6417@reddit (OP)
that's not the case
Blade4804@reddit
You can use your work email for auth to a personal account; you cannot send as your work email from your personal Microsoft account that you log on to with your work email address.
Check your message tracking, and contacts. Someone might have added the personal email address to a contact card of his work email address, or to his profile on the work/school account.
Kindly-Wedding6417@reddit (OP)
Just checked, nothing so far. If his MS work acc is xxyz234@company, his personal MS login live account is also xxyz234@company. No other usernames or contacts
excitedsolutions@reddit
I remember this from 2016. We were setting up users to sync photos from corp owned phones and od4b didn’t support photo sync. OneDrive personal did though. We went through the process of creating OneDrive personal accounts for those users and were surprised that they could use their existing and licensed work account email to sign up for OneDrive personal. Went through that process and onboarded all those phones with OneDrive personal. Then in 2020 all those users got emails from MS saying that they cannot use the same email as an existing work email and we had to change the account associated with OneDrive personal. It was confusing and a PITA to deal with both going in and going out of this.
I don't know if OP is encountering one of these situations that should have been forced to change their personal account 6 years ago or not.
ExceptionEX@reddit
If the user made the personal account before Microsoft stopped it, or before you all signed up for Office 365, you can have these issues. You can get the user to log in to the personal account; in the settings you can change the email associated with that account, and switch it to a personal email account.
It is insane to me that Microsoft doesn't have a check for this on tenant setup, or a tool to help deal with it. Whenever we have an old domain that we are migrating to Office 365 we seem to have these sort of issues with a few users, and they manifest themselves in weird ways.
Admittedly I've never seen the issue you seem to be having.
KennySuska@reddit
Are you sure this is not a forwarding rule from their personal email? Assuming you have your own domain set up correctly, someone cannot simply set up a personal email with your domain.
apandaze@reddit
This is a thing that can happen, not the way you're thinking though. I've seen it before as well with a small business - the business starts small, the owner makes a personal Microsoft account for it with the domain. The business grows, they go to Microsoft for business emails and now both emails exist. My old job bought a company, the owner had both a personal email & business email with the same address. Messed with his Outlook often, the worst thing really.
Jarasmut@reddit
How is it possible to make a personal account with a custom domain though? That's a 365 business offering to begin with. Or was this possible in the past and Microsoft didn't do a cross check between their end user offerings and their business offerings? That would be insane...
apandaze@reddit
Past? Right now you can go to Microsoft's site and create any email you want - because you can do this doesn't mean Microsoft owns or validates that domain, it just uses the email as a username. Which is the start of the problem but 🤷
Jarasmut@reddit
That's for creating a Microsoft account though. Like any other website it asks for your e-mail address when creating a new account.
apandaze@reddit
https://signup.live.com/signup?nopa=2&client_id=0000000048183522&contextid=193066E0E5F44161&opid=FBD726638F5A6F7C&bk=1680441452&sru=ht&lic=1&uaid=83f95ce09b2245dd99e3e068359fcf7d&username=prefillUserName
apandaze@reddit
I just made an email with pandaze.com. That link verifies one thing: is it a tenant? Then no, you cannot have that email; otherwise it will allow it. You can find that link by Google searching 'create microsoft email account', like 4th link in the search
KennySuska@reddit
Interesting, thanks for the info. Never came across this one before.
apandaze@reddit
I hadn't heard of it either until about 2 yrs ago - I tried it again and it seems to still be a thing: https://signup.live.com/signup?nopa=2&client_id=0000000048183522&contextid=193066E0E5F44161&opid=FBD726638F5A6F7C&bk=1680441452&sru=ht&lic=1&uaid=83f95ce09b2245dd99e3e068359fcf7d&username=prefillUserName
Kindly-Wedding6417@reddit (OP)
What's the fix?
apandaze@reddit
Sign out of everything inside Office products, sign out under Work or School accounts in settings, clear any saved creds in Credential Manager, delete these two folders:
C:\Users\%username%\AppData\Local\Microsoft\IdentityCache
C:\Users\%username%\AppData\Local\Microsoft\Office\16.0\Licensing
(I used to use OffScrub or SaRA but Microsoft has done away with it).
You can use GetHelpCmd.exe - more info below:
https://learn.microsoft.com/en-us/troubleshoot/microsoft-365/admin/miscellaneous/get-help-command-line-overview
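The folder cleanup from the comment above, as an added PowerShell example that is not part of the original thread. The function name `Reset-OfficeIdentityCache` and the list of Office process names are assumptions; the folders are renamed rather than deleted so the step can be undone, and saved credentials are only listed for manual review.

```powershell
# Added example (not from the thread). Run as the affected user, not as admin,
# so that %LOCALAPPDATA% resolves to that user's profile.
function Reset-OfficeIdentityCache {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # The two folders named in the comment above.
    $targets = @(
        (Join-Path $env:LOCALAPPDATA 'Microsoft\IdentityCache'),
        (Join-Path $env:LOCALAPPDATA 'Microsoft\Office\16.0\Licensing')
    )

    # Assumption: Office desktop apps that may hold these caches open.
    $officeApps = 'OUTLOOK', 'WINWORD', 'EXCEL', 'POWERPNT', 'ONENOTE', 'MSACCESS'
    $running = Get-Process -Name $officeApps -ErrorAction SilentlyContinue
    if ($running) {
        $names = ($running.ProcessName | Sort-Object -Unique) -join ', '
        throw "Close these apps before clearing the caches: $names"
    }

    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    foreach ($path in $targets) {
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Host "Not present, skipping: $path"
            continue
        }
        # Rename instead of delete: Office rebuilds the folder on next sign-in,
        # and the .bak copy can be restored if something goes wrong.
        $newName = '{0}.bak-{1}' -f (Split-Path $path -Leaf), $stamp
        if ($PSCmdlet.ShouldProcess($path, "Rename to $newName")) {
            Rename-Item -LiteralPath $path -NewName $newName
            Write-Host "Renamed: $path -> $newName"
        }
    }

    # List saved credentials so stale Office entries can be removed by hand
    # in Credential Manager; nothing is deleted automatically here.
    cmdkey /list
}

# Preview first, then run for real:
Reset-OfficeIdentityCache -WhatIf
# Reset-OfficeIdentityCache
```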
Kindly-Wedding6417@reddit (OP)
If their MS work and MS personal accounts are both xxyz234@company... how would a forwarding rule work?
KennySuska@reddit
I was just mentioning the forwarding rule as something to check in the email header or message tracking. I assume you checked their mail aliases and contacts as well to ensure they haven't somehow ended up with a personal address set up?
I am just having a hard time wrapping my head around a personal email being set up with your custom domain. I have only seen that sort of thing with domain spoofing or anonymous relay hijacking, but your user doesn't seem to be doing this maliciously based on what you described.
NetworkCanuck@reddit
The login for their personal account is the same, that isn't the email address for the personal account.
Kindly-Wedding6417@reddit (OP)
Their email addresses (for office.com and login.live logins) are identical + their work email shows up as an external contact on our EXO which makes me think they might be the same
Anonymous1Ninja@reddit
Change the work email with a number?
98723589734239857@reddit
See this all the time. Sometimes when an application asks the user to sign in to their Microsoft account it asks if you want to use a Personal or a Work account and for the love of me I don't know why but users don't seem to understand they're at work, and click Personal. They enter their work email and the login page says "hey that's not in our system... you wanna make an account with this email?" and of course the user clicks yes, creating an account with the exact same login name, but not tied to the company, it doesn't appear in AD/Azure, and of course no license. I understand the fix for this is for Microsoft to NEVER EVER ask for a login when the user is logged into a synced work-profile on Edge, but that is outside of our hands.
I've actually tried to see if there's a way to stop it, but apparently the best you can do is tell your users "do not click the Personal account option, you're at work. Use your work account. It's completely separate."
You can lead a horse to water but you can't make it drink, and in the same vein, you can make it as simple as possible for a user, they will always find a way to fuck up.
Kindly-Wedding6417@reddit (OP)
When a user is past that point, how would you fix the issue?
98723589734239857@reddit
I lead them through the account deletion steps and delete the account. You can choose 1 month or 2 months, so it'll take a month for it to be gone, but then it's gone, as long as the user doesn't try to log back into the account within that month.
markth_wi@reddit
When their massive, massive mail spam will not stop, it's just a necessary business choice that legal makes it clear they would prefer as of the receipt of more colorful non-business related emails that IT is directed to ensure corporate systems are immediately quarantined from any risks associated to the private preferences of employees.
This is in furtherance of a good-use policy for all employees, as the continued use of corporate resources is limited to minor private email and those extracurricular activities which might be strongly aligned with previously approved corporate extracurricular activities.