Office365 Connector enabled
Let's add user Rick O'Shea to AD (samAccountName ro'shea, email email@example.com. This synchronises into NCA: (looked at the user via ldapsearch)
> dn: cn=roshea,ou=users,o=data
> cn: ro'shea
> cn: roshea
At this point, the user can log into the NCA appliance with ro'shea, roshea, or firstname.lastname@example.org without issues.
After adding the user to an office 365 policy mapped group to get him provisioned to O365, we confirm he is provisioned to Office365. Since we use the immutableID with the saml assertion for SSO, his UPN doesn't really matter too much at this point, but here's his current O365 info:
> upn: email@example.com
> DisplayName: Rick O'Shea
> Firstname: Rick
Next we added the exchange entitlement to Rick's group to give him an O365 exchange mailbox: His email address is: firstname.lastname@example.org (no apostrophe) and I can send email to this address. With the apostrophe included, it fails naturally because the email recipient "ro'shea" doesn't really exist.
In the next version of CloudAccess (3.0), the admin will have the ability to change the 'provisioning naming style' for the O365 users to something like firstname.lastname. In the fname.lastname case for 3.0, the user exchange accounts in o365 would look like email@example.com and you would be able to send email to that address with the apostrophe.