undefined | Better HN

0 pointsdelfinom1y ago0 comments

Ah yes, good reminder, it also causes IT hell.

If you register an AD tenant, you can associate an domain with it, when you do this. It means all your windows accounts are also

something@domain.com

instead of the azure default of

something@tenantname.onmicrosoft.com

It is 100% optional to associate a domain and an explicit action. This to me means they are using the domain on azure for Windows AD.

Now why is this bad?

Well, Microsoft has two types of accounts "Personal" and "Work/School" accounts. You can create "Personal" accounts against any email address/domain. However, once you register an Azure AD Tenant, the default is to disable registering further personal accounts. The goal is to avoid corporate users leaking work documents to personal non-managed accounts. There is also an option to force merge any existing personal accounts at the verified corporate domain into work accounts.

Say tutanota, being the geniuses they are disabled the setting that turns off personal account for their verified domain.

Well those IT guys will now have completely worthless audit logs because there'll be constant failed logins from people accidentally selecting "work/school accounts" in the login screen when asked what type of account it is. Not to mention you'll have the reverse of employees accidentally creating personal accounts because some microsoft prompts are weird and may refuse to offer work/school as a login option.

0 comments

arethuza1y ago

Would it have been better if they had kept the company name as "tutanota" and called their email service "tuta" on the "tuta.com" domain?

delfinomOP1y ago

Yea that would been the sane and professional way to do it.

j / k navigate · click thread line to collapse