There are lots of scenarios and things to consider when using domains in Office 365, Azure, or Intune…
- Domain must be internet routable
Today, in order to use domains with Microsoft Online Services, they must be registered with a domain registrar.
- Verify all domains you want to use
You must verify each domain you want to use in Office 365, Intune, or Azure. This includes any sub-domains of a parent domain you have already verified. For example, if you have already verified contoso.com and you also want to use sales.contoso.com, then you will also need to verify sales.contoso.com.
- Verifying sub-domains of an already verified parent domain is automatic
However, verification will be easier with sub-domains. When you verify a parent domain, you have to prove ownership and add DNS records. Then, when you add and verify a sub-domain, you do not need to add any additional DNS records, since you already verified the parent domain (assuming this is all completed within the same tenant). For example, when you verify contoso.com in contoso.onmicrosoft.com, then add sales.contoso.com and marketing.contoso.com in the tenant contoso.onmicrosoft.com, they will automatically be verified.
- Verify sub-domains in different tenants
You can't verify sub-domains in a different directory if the parent domain is already verified. As long as a parent domain is not verified in Azure AD, then you can verify sub-domains in different directories or tenants. For example…
- You can verify sales.contoso.com in salescontoso.onmicrosoft.com and
- You can verify marketing.contoso.com in marketingcontoso.onmicrosoft.com.
- Sub-domains take on the settings of the parent domain
Sub-domains take on the authentication settings of the parent domain only if the parent domain is verified first. So if you want to federate only a sub-domain and not the parent domain, then verify the sub-domain first.
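The ordering rules in the tips above can be checked before touching a tenant. The following planner is an added example, not Microsoft tooling: it models only the rules stated on this page, and the `Want` type, the `plan` function, the `auto`/`dns-proof` labels and the hrcontoso.onmicrosoft.com tenant are hypothetical names made up for the illustration.

```python
from dataclasses import dataclass
from graphlib import TopologicalSorter
# Hypothetical model of the page's rules; it calls no Microsoft API.
@dataclass(frozen=True)
class Want:
    domain: str   # domain to verify
    tenant: str   # tenant it should be verified in
    auth: str     # desired authentication: "managed" or "federated"

def closest_parent(domain, names):
    """Nearest ancestor of `domain` that is also in the plan, else None."""
    labels = domain.split(".")
    for i in range(1, len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in names:
            return candidate
    return None

def plan(wants):
    """Return (steps, conflicts) following the rules in the tips above."""
    by_name = {w.domain: w for w in wants}
    graph = {w.domain: set() for w in wants}   # node -> domains verified before it
    auto, conflicts = set(), []
    for w in wants:
        p = closest_parent(w.domain, by_name)
        if p is None:
            continue
        if by_name[p].tenant != w.tenant:
            # A verified parent blocks the sub-domain in any other tenant.
            conflicts.append((w.domain, p))
        elif by_name[p].auth != w.auth:
            # Sub-domain goes first, or it takes on the parent's settings.
            graph[p].add(w.domain)
        else:
            # Parent first: the sub-domain then needs no new DNS records.
            graph[w.domain].add(p)
            auto.add(w.domain)
    blocked = {d for d, _ in conflicts}
    order = [d for d in TopologicalSorter(graph).static_order() if d not in blocked]
    steps = [(d, by_name[d].tenant, "auto" if d in auto else "dns-proof") for d in order]
    return steps, conflicts

# Constructed sample plan reusing the page's example names.
SAMPLE = [
    Want("contoso.com", "contoso.onmicrosoft.com", "managed"),
    Want("marketing.contoso.com", "contoso.onmicrosoft.com", "managed"),
    Want("sales.contoso.com", "contoso.onmicrosoft.com", "federated"),
    Want("hr.contoso.com", "hrcontoso.onmicrosoft.com", "managed"),
]
```

For the sample, `plan(SAMPLE)` puts sales.contoso.com ahead of contoso.com so that it can be federated on its own, lets marketing.contoso.com verify automatically afterwards, and reports hr.contoso.com as a conflict because its parent is planned for a different tenant.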
If you have any tips you want to share about verifying domains, send them to me.
Best Regards from the Tip of the Day Team!