Remove old proxyaddress entry for user in azure active directory

We have an application which uses Azure B2C and Azure Active Directory.

Problem: User A wants to set his specific email address. But this is not possible because User B already used this email address before. User B has a proxyAddresses entry for this email, although User B does not use the email address anymore.

We tried to remove the smtp entry in proxyAddresses for User B:

  1. Azure Portal --> Values for ProxyAddresses are not editable
  2. Windows PowerShell

     Connect-AzureAD -TenantId <TenantID>
     $User = Get-AzureADUser -ObjectId "<ObjectIDUserB>"
     $User.ProxyAddresses   # Displays all proxy addresses (smtp entries)
     $User.ProxyAddresses.Remove("<smtpEntry>")
     Set-AzureADUser -ObjectId "<ObjectIDUserB>"   # But then there is no parameter for ProxyAddresses to update

Are we missing something here or is there another way to remove a proxyAddresses entry for a user in Azure AD?

Markus Leitner asked Jan 26 '26 01:01


1 Answer

ProxyAddresses attribute for an unlicensed cloud-only user can now be modified using graph.microsoft.com/beta endpoint. For example use Graph Explorer (https://aka.ms/ge) and do a PATCH to update cloud-only non-EXO licensed user's proxyAddresses attribute directly. If using beta endpoint, you will no longer get the "proxyAddresses" is read only error.

PATCH https://graph.microsoft.com/beta/users/userobjectid

{
    "proxyAddresses": [
        "SMTP:[email protected]"
    ]
}

NOTE: Make sure of the following if you get a 403

  1. Actor + Graph Explorer has User.ReadWrite permissions
  2. User is a cloud-only user (onPremisesSyncEnabled = Null). If the user is a synced user, you should update proxyAddresses in the on-premises directory, which is the source of authority, and sync the change to the cloud instead.
  3. User should have an existing mail attribute populated. If they don't, then patch a mail attribute first before removing/adding proxyAddresses. The most recent mail attribute is added to proxyAddresses as primary (SMTP:)
  4. Check the assignedPlans attribute for any Exchange Online service plans and if user is EXO licensed then proxyAddress must be modified via Exchange Admin console and the domain suffix must be a verified domain name in Entra custom domains.
  5. Make sure you are calling graph.microsoft.com/beta endpoint as modifying proxyAddresses is not yet supported on v1.0 endpoint.
floyd answered Jan 28 '26 17:01
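The checklist and PATCH from the answer above, as an added Python example (not code from the question or the answer): it checks a user object against the 403 conditions and builds the beta PATCH that keeps every address except the stale one. The sample user, its addresses, the function names and the rule that a primary SMTP: entry is changed through mail instead are assumptions, as is the premise that the PATCH replaces the whole proxyAddresses array.

```python
import json

GRAPH_BETA = "https://graph.microsoft.com/beta/users/"  # beta endpoint, as the answer requires


def precheck(user):
    """Return the reasons (from the answer's 403 checklist) why a PATCH would be refused."""
    problems = []
    if user.get("onPremisesSyncEnabled"):
        problems.append("synced user: change proxyAddresses in the on-premises directory")
    if not user.get("mail"):
        problems.append("mail is empty: PATCH a mail attribute first")
    for plan in user.get("assignedPlans") or []:
        # Assumption: an Exchange Online plan has service == "exchange" and is not "Deleted".
        if plan.get("service", "").lower() == "exchange" and plan.get("capabilityStatus") != "Deleted":
            problems.append("Exchange Online licensed: use the Exchange admin console")
            break
    return problems


def build_patch(user, stale):
    """Build the PATCH that drops one stale address and keeps every other entry."""
    problems = precheck(user)
    if problems:
        raise ValueError("; ".join(problems))
    current = user.get("proxyAddresses") or []
    match = [a for a in current if a.lower() == stale.lower()]
    if not match:
        raise LookupError(stale + " is not in proxyAddresses")
    if any(a.startswith("SMTP:") for a in match):
        # Assumption of this sketch: the primary follows mail, so change mail instead.
        raise ValueError("entry is the primary address; update mail first")
    # Assumption: the PATCH replaces the whole array, so send every address to keep.
    keep = [a for a in current if a.lower() != stale.lower()]
    return {"method": "PATCH", "url": GRAPH_BETA + user["id"],
            "body": json.dumps({"proxyAddresses": keep})}


# Constructed sample: the shape of GET /beta/users/{id} for a cloud-only, unlicensed user.
SAMPLE_USER_B = {
    "id": "00000000-0000-0000-0000-00000000000b",
    "mail": "user.b@example.com",
    "onPremisesSyncEnabled": None,
    "assignedPlans": [],
    "proxyAddresses": ["SMTP:user.b@example.com", "smtp:shared.name@example.com"],
}

if __name__ == "__main__":
    print(build_patch(SAMPLE_USER_B, "smtp:shared.name@example.com"))
```

The returned method, URL and body can be sent from Graph Explorer or any Graph client signed in with the permission the answer lists.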


