In the Windows operating system’s Active Directory, a User Principal Name (UPN) is the name of a user. The User Principal Name is basically the ID of the user in Active Directory and sometimes might not be same as users’ email.

Office 365 does not require that users’ email matches User Principal Name. For example, User Principal Name can be or while user’s email can be Or if you migrated from on-premise Active Directory to Office 365 online you UPN still can look like this: “DOMAIN\username”

But even though Office 365 does not require that users’ email matches User Principal Name it is very important to make is such. Here are the reasons why:

User Confusion

Your users will need to understand what their UPN is and that it is the login for all things Office 365 related. As you’ll see below, there are some prompts that will say “enter your email” but they will, in fact, need to use their UPN. You may want to consider making their UPN an alternate email address on their account as users are bound to get confused here; it won’t help them login but it will if an email response is expected and they enter the wrong value.

Skype for Business Online

The UPN in Office 365 becomes the default SIP address in Skype for Business Online. But your SIP address should match your email address, especially if you plan to communicate with federated partners.

Office ProPlus

I noticed a while back that Office ProPlus will occasionally prompt the user for credentials either as part of logging into the application for activation or the “call us overprotective” prompt. When it prompts the user for credentials, the prompt explicitly says “Type your email address”.

Unfortunately, Microsoft is making some assumptions here because they really mean “type in your Office 365 login (UPN)”. You will need to communicate to your users that this is really their UPN despite what the prompt says to enter.

Mobile Applications

Much like Office ProPlus, the iOS versions of Office and OneDrive prompt the user for their email address and again, they really mean the UPN.


Most ActiveSync clients will automatically configure using Autodiscover. When your UPN matches your email, you basically just enter in your email and password. When they don’t match, you enter your email and password, then you’ll get prompted to enter your login (UPN) to actually authenticate. You can see how this would be confusing for the user to now enter in two “” values that are similar but different. They will also need to break the habit of using DOMAIN\username for the login to cloud services (aside from some scenarios where you’re on the internal network and using AD FS).