Wednesday, January 27, 2021

How to add your custom domain name in Azure Active Directory

In this post we discuss the use of a custom domain name in Azure AD and how to add one.

Before going into that, let's first talk about what an Azure tenant is. It's a dedicated and trusted instance of Azure AD that's automatically created when you or your organization signs up for a Microsoft cloud service subscription, such as Microsoft Azure, Microsoft Intune, or Microsoft 365. An Azure tenant represents a single organization.

Azure AD is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources in:
  • External resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.
  • Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization.
Every new Azure AD tenant comes with an initial domain name of the form <domain-name>.onmicrosoft.com. You can't change or delete this initial domain name, but you can add a custom domain that reflects your organization's name. Adding custom domain names helps you create user names that are familiar to your users, such as abc@vCloudClass.com, where vCloudClass.com is a custom domain.

Please note that only a Global Administrator can manage domains in Azure AD.

This role is automatically assigned to whoever created the Azure AD tenant. Global administrators can do all of the administrative functions for Azure AD and any services that federate to Azure AD, such as Exchange Online, SharePoint Online, and Skype for Business Online. You can have multiple Global administrators, but only Global administrators can assign administrator roles (including assigning other Global administrators) to users.

Now I assume that you have already registered a domain name with a domain registrar such as GoDaddy and are logged in to your Azure account as a Global administrator.

The process of adding a custom domain consists of these three tasks:

1. Add your custom domain name to Azure AD
Log in to the Azure Portal using an account that has the Global Administrator role assigned => Select Custom domain names => Add your domain on this page using the add domain button => Once the unverified domain is added, click on it and note down the TXT record

2. Add your DNS information to the domain registrar
Go back to your domain registrar and create a new TXT record for your domain using the DNS information you noted. Set the time to live (TTL) to 3600 seconds (60 minutes), and then save the record.
Note: You can register as many domain names as you want. However, each domain gets its own TXT record from Azure AD.

3. Verify your custom domain name
Note: DNS records must propagate before Azure AD can verify the domain. This process can take an hour or more.
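
Before starting the verification in step 3, you can check whether the TXT record from step 2 is already visible in DNS. The following is an added example, not part of the original post: it parses `dig +noall +answer TXT` output and reports the TTL of the record that matches the value noted in the portal. The sample answer and the value `MS=ms00000000` are constructed placeholders, and the function names are illustrative.

```python
import shlex
import subprocess
import sys

# Constructed sample of `dig +noall +answer TXT vcloudclass.com` output.
# MS=ms00000000 is a placeholder, not a real verification value.
SAMPLE_ANSWER = '''\
vcloudclass.com. 3600 IN TXT "v=spf1 include:spf.protection.outlook.com -all"
vcloudclass.com. 3600 IN TXT "MS=ms00000000"
'''

def parse_txt_answers(answer_text):
    """Return [(ttl, value)] for every TXT record in dig's answer section."""
    records = []
    for line in answer_text.splitlines():
        fields = line.split(None, 4)  # name, ttl, class, type, rdata
        if len(fields) < 5 or fields[3].upper() != "TXT" or not fields[1].isdigit():
            continue
        # One TXT record may be printed as several quoted chunks; join them.
        chunks = shlex.split(fields[4])
        records.append((int(fields[1]), "".join(chunks)))
    return records

def verification_record(answer_text, expected):
    """Return the TTL of the TXT record equal to `expected`, or None if absent."""
    for ttl, value in parse_txt_answers(answer_text):
        if value.strip() == expected.strip():
            return ttl
    return None

def query(domain, server=None):
    """Live lookup; requires dig on PATH. Pass the zone's authoritative server
    to see the configured TTL rather than a resolver's cached countdown."""
    cmd = ["dig", "+noall", "+answer", "TXT", domain]
    if server:
        cmd.append("@" + server)
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    # usage: script.py <domain> <value from portal> [authoritative-ns]
    if len(sys.argv) >= 3:
        answer, expected = query(sys.argv[1], *sys.argv[3:4]), sys.argv[2]
    else:
        answer, expected = SAMPLE_ANSWER, "MS=ms00000000"
    ttl = verification_record(answer, expected)
    print("not visible yet" if ttl is None else f"found, TTL {ttl}s")
```

A TTL below 3600 from a recursive resolver only means the answer has been cached for a while; query the authoritative name server to confirm the configured value.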

After you've verified your custom domain name, you can make it your primary domain.
The primary domain is the default domain name assigned when you create a new user. Setting a primary domain name streamlines the process for an administrator to create new users in your AD.

You can make your domain primary by completing the following steps:
  1. Sign in to the Azure Portal with an account that's a Global Administrator for the organization.
  2. Now select Azure Active Directory => Select Custom domain names => Select the name of the domain that you want to be the primary domain => Select the Make primary command, confirm.
You can change the primary domain name for your organization to be any verified custom domain that isn't federated. Changing the primary domain for your organization won't change the user name for any existing users.
