Purpose of Custom Domains
A domain name (e.g., contoso.com) identifies users and groups within Microsoft Entra ID. Custom domains help align user identities with organizational email addresses and branding.
When you create an Entra tenant, it gets a default domain like contoso.onmicrosoft.com. Adding your verified domain (e.g., contoso.com) allows user UPNs like adele@contoso.com.
Set the Primary Domain
Changing the primary domain only affects new users; existing usernames remain unchanged.
Example: Contoso changes its primary domain from contoso.onmicrosoft.com to contoso.com. New users now automatically get usernames like user@contoso.com.
Add Custom Domain Names
Example: To verify contoso.com, the admin adds the TXT record provided by Microsoft to the DNS registrar (e.g., GoDaddy). Once verified, users can use the domain in Entra.
Add Subdomains
If contoso.com is verified, subdomains like europe.contoso.com are automatically verified. However, subdomains can be verified independently in different tenants if needed.
Domain Registrar Changes
Changing your DNS registrar does not affect Entra ID. No re-verification is needed unless domain ownership or DNS records are lost.
Delete a Custom Domain
You cannot delete a domain if it’s referenced by any user, group, or app. Ensure:
Only then can the domain be deleted.
ForceDelete Option
ForceDelete is an asynchronous operation that automatically renames all objects referencing the domain back to the default domain (e.g., @contoso.onmicrosoft.com). It works only if fewer than 1,000 references exist and Exchange-related references are cleared first.
Limitations:
Example: When Contoso decommissions contosoresearch.com, the admin uses ForceDelete, and Entra automatically renames affected users and groups to use the default domain.