Sophos Connect uses "wrong" UPN Suffix

I'm working through a pilot deployment of Sophos Connect for a customer at the moment. Their internal AD domain is quite old, and uses the "org.local" forest and domain name.

All users have a UPN suffix defined as "" or "" - which means their Windows logon matches their email address. Generally speaking, none of them know that "org.local" exists unless they see it in an internal hostname or something similar.

When users are (eventually) registered to the XG however, their logon names seem to use samAccountName@org.local domain name rather than the userPrincipalName. This is going to be quite confusing for many - "it's the same password you always use, but a completely different user name" isn't a simple conversation. I don't see anything - I can define the "domain name" for an AD import, but that's not a complete solution either (multiple UPN suffixes in use here) even if it changes user logon names during creation.

I know this may be more "XG" than "Sophos Connect" related, so I'm OK being asked to post in a different community - but they're not really using any of the features that need identified users other than trying out Sophos Connect.