By default, when you create a new tenant in Microsoft 365, it is automatically assigned a domain name in the form of
Custom domains enable you to tailor your Microsoft 365 environment to align with your organization’s branding. Instead of using the default onmicrosoft.com domain, you can add your organization’s domain (For example, contoso.com) to Microsoft 365.
Adding a Custom Domain
To add a custom domain, follow these steps:
- Visit the Microsoft 365 admin center and navigate to Show All > Settings > Domains
- Click on “Add domain”
- Enter your custom domain name and follow the steps to confirm that you own the domain
- Once confirmed, you can set up the domain’s DNS records to work with Microsoft 365 services like email and Teams
For verification, Microsoft 365 uses a TXT or MX record of your domain. You can add this record to your DNS configuration where your domain is registered.
Managing Custom Domains
Once the custom domains are configured, managing them involves updating DNS records, setting the default domain, and removing domains. Here are examples of each.
Updating DNS Records:
Generally, Microsoft 365 handles DNS changes automatically when you add a domain. However, depending on your configuration, you may need to update DNS records manually. The admin center provides a list of the required DNS records.
Setting the Default Domain:
By default, the first custom domain added to Microsoft 365 becomes the default. However, you can change the default domain at any time:
- In the Microsoft 365 admin center, navigate to Settings > Domains
- Select the domain you wish to make the default
- Click on “Set as default”
Removing Domains:
If a domain is no longer needed, you can remove it from the Microsoft 365 admin center. However, you must ensure no resources (like user accounts) are tied to the domain before removal.
These are the fundamental tasks in configuring and managing custom domains for the SC-300 examination. Understanding these tasks ensures that your organization’s identity features can correctly perform their functions while maintaining brand consistency.
Remember, the best way to understand these actions is to put them into practice in your environment. Always refer to Microsoft’s documentation for the most accurate and up-to-date information concerning Microsoft 365 and custom domain management.
Practice Test
True or False: B2C in Azure AD stands for Business to Consumer.
- True
- False
Answer: True
Explanation: Azure AD B2C is an identity management service that enables you to customize and control how customers sign in and manage their profiles when using your applications.
What should you have to configure a custom domain in Azure Active Directory (Azure AD)?
- a) Microsoft 365 subscription
- b) Azure AD basic subscription
- c) Basic domain name
- d) Azure AD premium subscription
Answer: c) Basic domain name
Explanation: A basic domain name is required to set up a custom domain in Azure AD. Other subscriptions like Microsoft 365 or Azure AD premium can complement this, but the basic requirement is a domain name.
True or False: You can’t add a custom domain name using the Azure portal.
- True
- False
Answer: False
Explanation: You can add a custom domain name using the Azure portal. The Azure portal provides a way to add and manage custom domain names.
Can you add a subdomain of a domain that you’ve already verified as a custom domain name?
- a) Yes
- b) No
Answer: a) Yes
Explanation: You can add a subdomain of an already verified domain as a custom domain name. However, you must first verify the subdomain in the same way you verified the primary domain.
Which Microsoft service allows you to customize and control how customers sign in?
- a) Microsoft 360
- b) Microsoft Azure AD B2B
- c) Microsoft Azure AD B2C
- d) Microsoft Azure AD B1C
Answer: c) Microsoft Azure AD B2C
Explanation: Azure AD B2C is a customer identity access management solution that enables you to customize and control how customers sign up, sign in, and manage their profiles.
True or False: You need to remove all references to a custom domain in the Azure portal before you can remove a custom domain.
- True
- False
Answer: True
Explanation: You must remove all of the references to a custom domain in the Azure portal before you can remove a custom domain.
Is it necessary to verify a domain before using it?
- a) Yes
- b) No
Answer: a) Yes
Explanation: It is necessary to verify your domain in Azure AD to ensure that you own it or have permissions to link it to your Azure directory.
Which type of custom domain does Azure supports?
- a) unmanaged custom domains
- b) managed custom domains
- c) both
Answer: c) both
Explanation: Azure supports both managed and unmanaged custom domains to cater to different levels of administrative control over a domain.
True or False: Azure AD B2B allows for business-to-business collaboration.
- True
- False
Answer: True
Explanation: Azure AD B2B is specifically designed for business-to-business collaboration, allowing organizations to work together securely.
Can you change the primary domain in Azure AD?
- a) Yes
- b) No
Answer: a) Yes
Explanation: You can change the primary domain in Azure AD, but you need to ensure that the new primary domain is already added and verified in your Azure AD.
True or False: You can add up to 900 custom domain names in a single directory in Azure Active Directory.
- True
- False
Answer: True
Explanation: According to Microsoft’s official documentation, you can add up to 900 custom domain names in a single directory in Azure Active Directory.
Does adding a custom domain affects existing apps?
- a) Yes
- b) No
Answer: b) No
Explanation: Adding a custom domain doesn’t affect existing apps they are running without interruptions. Existing user sign-ins can continue using the initial domain.
What is the default domain for a new tenant in Microsoft Azure?
- a) tenantname.onmicrosoft.com
- b) tenantname.com
Answer: a) tenantname.onmicrosoft.com
Explanation: When you create a new tenant in Microsoft Azure, the default domain assigned is in the format of tenantname.onmicrosoft.com.
True or False: DNS MX record is used to verify tenant’s domain ownership in Azure AD.
- True
- False
Answer: True
Explanation: To verify domain ownership, an MX record is used. This is a type of DNS record that specifies the mail server responsible for accepting email messages on behalf of the tenant’s domain.
What type of DNS record is needed for verification when adding a domain to Azure AD?
- a) A Record
- b) CNAME Record
- c) MX Record
- d) All of the above
Answer: c) MX Record
Explanation: Only MX Record is needed for verification when adding a domain to your Azure AD.
Interview Questions
What is the main purpose of configuring and managing custom domains in Microsoft Azure?
Configuring and managing custom domains in Microsoft Azure allows you to use your organization’s domain names within Azure, enabling a seamless transition between your on-premises environment and Microsoft’s cloud.
How do you add a custom domain to Azure AD?
You can add a custom domain to Azure AD by navigating to the “Azure Active Directory” section within the Azure portal, selecting “Custom domains”, filling in your domain name and then verifying it.
What are the prerequisites for adding a custom domain to your Azure AD?
You need to have admin privileges in both Azure and the domain registrar. You also need to manage the DNS for your domain to create the necessary DNS record for validation.
How would you verify your custom domain in Azure?
The custom domain in Azure is verified by creating a new DNS record using the verification ID provided by Azure. The DNS record usually takes a form of TXT or MX record.
Can you configure a custom domain as the primary domain in Azure AD?
Yes, you can configure a custom domain as the primary domain. This setting changes the user principal name (UPN) for all users to the new primary domain.
How do you choose your primary domain?
You choose your primary domain by navigating to “Custom Domain Names” in the Azure AD Portal, selecting the domain, then selecting “Set as primary.”
How many custom domains can you add to your Azure AD directory?
There isn’t a stated limit to the number of custom domains you can add to your Azure AD directory.
Is it possible to use subdomains with Azure AD?
Yes, it is possible to use subdomains with Azure AD. They are automatically verified if the parent domain is already verified in the directory.
What is a wildcard DNS record and can it be used to validate a custom domain in Azure AD?
A wildcard DNS record is a record that will match requests for non-existent subdomains. It cannot be used to validate a custom domain in Azure AD.
What happens if you do not renew your domain with the domain registrar?
If your domain is not renewed with the domain registrar, it becomes unverified in Azure AD and your Azure AD services that rely on the custom domain may stop functioning.
How do you remove a custom domain from Azure AD?
To remove a custom domain from Azure AD, navigate to the “Custom domains” section, select the name of the domain you want to remove, and click on “Delete”.
Can you remove a custom domain that is set as the primary domain in Azure AD?
No, you cannot remove a custom domain that is set as the primary domain. You first need to set a different domain as the primary domain.
If you delete a custom domain from Azure AD, does it also get deleted from the domain registry?
No, deleting a custom domain from Azure AD does not delete it from the domain registry. The domain will still exist at the domain registrar.
Does adding a custom domain to Azure AD give Microsoft any control over the domain?
No, adding a custom domain to Azure AD does not give Microsoft any control over the domain. You remain the owner and control all DNS records.
How long does it typically take to propagate DNS changes when configuring a custom domain in Azure AD?
It usually takes up to 72 hours for DNS changes to propagate and take effect when configuring a custom domain in Azure AD. However, in most cases, it is much quicker than this.