Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
@Justin Rubow Thanks for reaching out.
Your scenario can be achieved by using something called Alternate login ID. Read more about it here. This contain detailed information about configuration and usage.
Here's what you need to know about email as an alternate login ID:
The feature is available in Azure AD Free edition and higher.
The feature enables sign-in with verified domain ProxyAddresses for cloud-authenticated Azure AD users.
When a user signs in with a non-UPN email, the unique_name and preferred_username claims (if present) in the ID token will have the value of the non-UPN email.
There are two options for configuring the feature:
1)Home Realm Discovery (HRD) policy - Use this option to enable the feature for the entire tenant. Global administrator privileges required.
2)Staged rollout policy - Use this option to test the feature with specific Azure AD groups. Global administrator privileges required.
-----------------------------------------------------------------------------------------------------------------
If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.