This article addresses an issue where your User Principal Names (UPNs) might change following a Defend deployment. This known Microsoft issue can occur when a domain is added to your Microsoft 365 tenant without automatically syncing your on-premises Active Directory (AD) and Entra AD.
When deploying Defend to your Microsoft 365 tenant, you may need to add one or more accepted domains to your tenant. Adding these domains is necessary to ensure proper mail flow back to your Microsoft 365 environment after Defend processing. To learn more about these domains, read the Microsoft Scenario Integration article.
Defend cannot prevent this issue during installation, but it can be mitigated by following the steps below:
- Being prepared to revert any UPN changes after deployment. Only one nonsynchronous operation is performed, so this action only needs to be done once.
- Ensuring that your on-premises AD and Entra AD are synced with Entra Connect before deployment.
For more detailed information, refer to Microsoft's Bulk Changes and Prepare a nonroutable domain for directory synchronization articles.
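One way to be prepared for the revert described above is to record every UPN before deployment and compare against that record afterwards. The script below is an added example, not part of the Defend product or Microsoft's documentation. It assumes the Microsoft Graph PowerShell SDK is installed, that the snapshot path (a placeholder) is writable, and that the affected accounts can have their UPN set in the cloud directory.

```powershell
# Added example: snapshot UPNs before deployment, then detect and revert changes.
# Assumptions: Microsoft.Graph.Users module installed; snapshot path is a placeholder.
param(
    [ValidateSet('Snapshot', 'Compare', 'Revert')]
    [string]$Mode = 'Compare',
    [string]$SnapshotPath = '.\upn-snapshot.csv'   # hypothetical location
)

# Request write access only when a revert is actually going to happen.
$scope = if ($Mode -eq 'Revert') { 'User.ReadWrite.All' } else { 'User.Read.All' }
Connect-MgGraph -Scopes $scope

function Get-UpnMap {
    # Object ID -> current UPN. The object ID is stable even when the UPN changes.
    $map = @{}
    Get-MgUser -All -Property Id, UserPrincipalName |
        ForEach-Object { $map[$_.Id] = $_.UserPrincipalName }
    return $map
}

function Compare-UpnSnapshot {
    param([object[]]$Snapshot, [hashtable]$Current)
    foreach ($row in $Snapshot) {
        if (-not $Current.ContainsKey($row.Id)) { continue }   # user removed since snapshot
        # -ne is case-insensitive for strings, matching how UPNs are compared.
        if ($Current[$row.Id] -ne $row.UserPrincipalName) {
            [pscustomobject]@{
                Id          = $row.Id
                ExpectedUpn = $row.UserPrincipalName
                CurrentUpn  = $Current[$row.Id]
            }
        }
    }
}

if ($Mode -eq 'Snapshot') {
    # Run this before the accepted domains are added to the tenant.
    Get-MgUser -All -Property Id, UserPrincipalName |
        Select-Object Id, UserPrincipalName |
        Export-Csv -Path $SnapshotPath -NoTypeInformation -Encoding UTF8
    return
}

$drift = @(Compare-UpnSnapshot -Snapshot (Import-Csv -Path $SnapshotPath) -Current (Get-UpnMap))
$drift | Format-Table -AutoSize
if ($Mode -eq 'Revert') {
    foreach ($d in $drift) {
        Update-MgUser -UserId $d.Id -UserPrincipalName $d.ExpectedUpn
    }
}
```

Run it with `-Mode Snapshot` before deployment, review the `-Mode Compare` output afterwards, and use `-Mode Revert` only once the listed changes are confirmed to be unintended.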