Some organizations force users to login with their Active Directory `UserPrincipleName` address and don't allow them to authenticate with their Active Directory `mail` address.
Nylas Hosted authentication requires that Office365 users authenticate with their Active Directory `mail` value.
If that is not possible, there are two options. Both require the use of Nylas Native authentication instead of Hosted. Keep in mind that accounts can freely use either and they have no affect on what the Nylas account after being created.
1: Get the email administrator to make a service account and authenticate the affected accounts that way via our Native authentication. We have a guide here: https://developer.nylas.com/docs/developer-guide/provider-guides/microsoft/office-365-service-accounts/
2: Collect the authentication tokens from Microsoft yourself and send them to Nylas using our Native authentication. This allows the user to authenticate with their UserPrincipleName normally and when you send the authentication token to Nylas via our API, send us their Active Directory `mail` address as the `email_address` payload value. Information on these API calls can be found here: https://developer.nylas.com/docs/developer-guide/provider-guides/microsoft/microsoft-authentication/#modern-or-oauth-authentication