July 1, 2026 Stories worth reading. Perspectives worth sharing.
Multi-Email Support for Entra Personal Contacts: What Admins Need to Know
Entra ID

Multi-Email Support for Entra Personal Contacts: What Admins Need to Know

Mo Wasay June 29, 2026 4 min read
Multi-Email Support for Entra Personal Contacts: What Admins Need to Know

WHAT JUST CHANGED

Microsoft has expanded the contact resource in Microsoft Graph by introducing three new properties: primaryEmailAddress, secondaryEmailAddress, and tertiaryEmailAddress. This change is GA (General Availability) as of June 2024 and affects all Entra ID tenants where personal contacts are used. The updated Graph schema is now live across v1.0 endpoints and available for all admins and developers integrating with Entra ID.

Tenants affected: All Microsoft Entra ID tenants (cloud-only and hybrid).

Roles affected: Identity admins, user admins, external identity managers, and application owners integrating with contacts.

Licensing: No additional licensing required—this is a platform-level update.

What’s changed:

  • primaryEmailAddress: Now the canonical email for a contact, distinct from legacy emailAddresses array.
  • secondaryEmailAddress and tertiaryEmailAddress: Support alternate routing and compliance scenarios.
  • Graph API schema update: Contact documentation now reflects these properties.

WHAT’S NEXT ON THE ROADMAP

Microsoft’s identity roadmap signals further improvements for contact management:

  • External ID lifecycle enhancements: Guest user and contact management will converge, allowing richer profiles and lifecycle automation.
  • Conditional Access for Contacts (Preview): CA policies are expected to extend to contacts in B2B scenarios for more granular access control.
  • Expanded custom attributes: Look for custom attribute support on contacts, allowing organizations to store richer metadata.
  • Bulk import/export: PowerShell and Graph improvements to streamline contact migration from legacy systems (Exchange, Google Workspace).

Admins should monitor Entra ID roadmap updates and start reviewing their contact integration patterns for compatibility and potential automation opportunities.

WHY THIS DIRECTION IS BETTER

Previously, contacts in Entra ID (and Azure AD) had a single emailAddresses array, which made routing, compliance, and integration complex and error-prone. Competing IdPs (like Okta and Google Workspace) already separate primary and alternate emails, providing clarity for authentication and notification workflows.

  • Improved clarity for automation: Distinct email fields reduce ambiguity and errors in workflows, especially for B2B scenarios.
  • Compliance-ready: Easier to audit and report on alternative communication channels, aiding GDPR and enterprise compliance.
  • Better integration with downstream systems: Apps and custom workflows can now reliably target primary or alternate emails.
  • Smoother migration from legacy sources: Allows mapping from multi-email fields in Exchange or Google Contacts without custom logic.

For admins, the new schema simplifies everything from onboarding to incident notification and reduces risk from outdated contact info.

ADJACENT ENTRA ID CHANGES YOU SHOULD KNOW

  • Contact deletion safeguards (2024 Q2): Soft-delete and recovery for personal contacts is now available in preview.
  • B2B guest invitation UX update: The Entra admin center now supports multi-email invitations directly from the portal.
  • Microsoft.Graph PowerShell module update: Ensure you are using v2.14+ to access new contact properties.
  • Conditional Access targeting for contacts: In preview, allowing granular CA rules for contact-based access.

WHAT TO DO: ADMIN ACTIONS

  1. Audit existing contacts for missing or ambiguous email fields.
  2. Update integration scripts to leverage new properties (primaryEmailAddress, secondaryEmailAddress, tertiaryEmailAddress).
  3. Review guest invitation workflows, ensuring alternate emails are captured.
  4. Train helpdesk and user admins on updated portal UX for contacts.
  5. Monitor upcoming roadmap items for bulk migration and custom attributes.

CHECK IT YOURSELF: POWERSHELL AUDIT

To report on all contacts, including new email properties, use the Microsoft.Graph module:

# Prerequisite: Install-Module Microsoft.Graph -Scope CurrentUser
# Scope: User.Read.All or Contacts.Read
Connect-MgGraph -Scopes 'Contacts.Read'

function Get-EntraContactsWithEmails {
    param (
        [int]$PageSize = 100
    )
    $contacts = @()
    $response = $null
    $uri = 'https://graph.microsoft.com/v1.0/me/contacts?$top=' + $PageSize
    try {
        do {
            $response = Invoke-MgGraphRequest -Uri $uri -Method GET
            if ($response.value) {
                $contacts += $response.value | Select-Object displayName, primaryEmailAddress, secondaryEmailAddress, tertiaryEmailAddress
            }
            $uri = $response.'@odata.nextLink'
        } while ($uri)
    } catch {
        Write-Warning "Failed to query contacts: $_"
        return $null
    }
    return $contacts
}

$contacts = Get-EntraContactsWithEmails
if ($contacts) {
    $contacts | Format-Table
} else {
    Write-Output "No contacts or missing permissions."
}

This script audits all contact records for the presence of primary, secondary, and tertiary email addresses. It handles pagination and errors gracefully, requires no modification, and does not update or delete any data.

Portal Path

  • Entra Admin Center: IdentityUsersContacts → Select a contact → Email Addresses panel
  • Azure Portal: Microsoft Entra IDPersonal Contacts → Contact details → Email Addresses

BOTTOM LINE

  • Priority: Review and update contact management scripts and workflows ASAP.
  • Train admins on new email fields to reduce communication errors.
  • Audit contact data for completeness and compliance.
  • Monitor roadmap for bulk migration and custom attributes.

Multi-email support for contacts is foundational for improved communication, compliance, and automation. Start auditing and updating today.