Email Alias as a security measure

Scott Holland 1 Reputation point
2020-11-24T20:42:48.707+00:00

People frequently sign up for external services using their work emails. It is possible that they use the same or similar password that they use for work. Is it possible to block an email alias from being used to login while still allowing it to receive email? If the alias could receive email but not be allowed login privileges (OWA, AD, O365) then each user could be provided one or more sacrificial aliases for setting up work related external subscriptions. If the external service was compromised and the alias\password combination exposed, they could not be used to access any services.

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,503 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Andy David - MVP 145.6K Reputation points MVP
    2020-11-24T21:17:56.843+00:00

    Email Aliases are not used to logon, the UserPrincipalName is. Typically those match the PrimarySMTPAddress.

    So if your Primary SMTP Address is user@Company portal .com and your user principal name is user@Company portal .com, then you logon as that.

    If however you also have an email alias of OtherUser@Company portal .com, it will receive email sent to the alias, but you can not logon as OtherUser@Company portal .com to Azure/365 etc...

    So, bottom line, what you are asking already exists.

    Note also that Office 365 also support plus addressing now. Consider having your users sign up using aliases like those instead

    https://learn.microsoft.com/en-us/exchange/recipients-in-exchange-online/plus-addressing-in-exchange-online

    3 people found this answer helpful.
    0 comments No comments