We have a domain where users have a UPN of email@example.com
However the older NetBIOS name for the domain contans part of the company name, which causes an issue for one department that need "plausible deniability" of being part of our organisation.
When they logon appending full UPN suffix that hides the NETBIOS name from the logon screen, but it still appears in the UAC prompt etc. If they do not add @group.local to their username when logging in then they get logged in with the netbios domain name e.g. DOMAIN\username.
Is there any way to use any group policy settings to help us out here? It is a very large enterprise-level domain so changing the NetBIOS name is obviously not an option.