Within the Microsoft Office365 suite of plugins

You’ve noticed that the UPN (User Principle Name) from Azure AD is represented within the email field within Moodle, even though all you have done is update the Office365 plugin suite set to the latest plugins.

What is going on there then?

If like us you have LTI which allow users access via their email address, then you will most likely find that these are now broken.

How to fix

Run the following SQL on the database

SELECT * FROM mdl_config_plugins WHERE plugin = 'local_o365' AND name = 'aadtenantid';

Does this return a blank entry ?

It should not be, it should return something which looks like this

You need to go here and get a Azure Administrator to login on the other side of the ‘Provide Admin Consent’ button : <a href=”http://<Your Moodle Site>/admin/settings.php?section=local_o365

This writes back the above required information so the sync can correct talk to Azure AD, rather than it only talking in a guest mode, in guest mode it can only get your UPN and not your email details.

Now perform a Full user sync by first going here : http://<Your Moodle Site>/local/o365/acp.php?mode=maintenance_cleandeltatoken This clears the delta tokens and forces the sync to do one full sync.

Then allow ‘Azure AD Sync’ in task scheduler to run, it will take a while to do so, it takes around 1.5hrs on our site.

Now check that username is UPN and email is email from Azure AD, although redacted the below gives you an idea that there is a difference.

Why has this happened? one of the updates has blanked out the settings in the database. I’ve asked the developers to consider adding whether the connection to the tenant is good by showing that in the Moodle frontend.