Domains

Manage custom domains associated with your Microsoft 365 tenant. Add new domains, verify ownership, configure DNS records, and set the default domain for new users.

Domain List

| Column | Description |
| --- | --- |
| Domain Name | The domain (e.g., contoso.com) |
| Status | Verified, Pending, or Failed |
| Type | Managed (verified) or Initial (*.onmicrosoft.com) |
| Default | Whether this is the default for new users |
| Capabilities | Email, SharePoint, Teams, etc. |
| Users | Number of users with this domain |

Domain Types

Initial Domain

The *.onmicrosoft.com domain created with your tenant. Cannot be removed. Always available as a fallback.

Example: contoso.onmicrosoft.com

Managed Domain

Custom domain you’ve added and verified. DNS managed externally. Can be set as default for new users.

Example: contoso.com

Federated Domain

Domain configured for federation with on-premises AD FS or third-party IdP. Authentication handled by external system.

Password Hash Sync Domain

Domain with hybrid identity using Azure AD Connect. Password hashes synchronized from on-premises AD.

Default Domain

The default domain is used when creating new users without specifying a domain:

  • New users get UPN suffix of default domain
  • Only verified domains can be set as default
  • The initial *.onmicrosoft.com domain cannot be default if custom domains exist
  • Change default by clicking “Set as Default” on any verified domain

Domain Health

Monitor DNS configuration status for each domain:

  • MX — Email routing configured
  • SPF — Sender Policy Framework valid
  • DKIM — DomainKeys Identified Mail enabled/not enabled
  • DMARC — Domain-based Message Authentication configured/missing
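The four checks above can be reproduced against records you have already fetched from DNS. The following is an added example, not this product's own code: the zone dictionary layout, the function names and the status strings are assumptions, the sample records are constructed, and selector1/selector2 are the default Microsoft 365 DKIM selector names.

```python
def tags(record):
    # Parse the "k=v; k=v" tag-list syntax shared by DMARC and DKIM records.
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def spf_status(zone, domain):
    recs = [t.lower() for t in zone.get((domain, "TXT"), [])
            if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]
    if not recs:
        return "missing"
    if len(recs) > 1:  # RFC 7208: more than one SPF record is a permerror
        return "invalid: multiple records"
    if {"all", "+all"} & set(recs[0].split()):
        return "weak: +all authorizes any sender"
    return "valid"

def dmarc_status(zone, domain):
    recs = [t for t in zone.get(("_dmarc." + domain, "TXT"), [])
            if t.lower().startswith("v=dmarc1")]
    if not recs:
        return "missing"
    if len(recs) > 1:  # RFC 7489: multiple records mean no policy is applied
        return "invalid: multiple records"
    policy = tags(recs[0]).get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid: no usable p= tag"
    return "configured (p=%s)" % policy

def dkim_status(zone, domain, selectors):
    for sel in selectors:
        name = "%s._domainkey.%s" % (sel, domain)
        keyed = any(tags(t).get("p") for t in zone.get((name, "TXT"), []))
        if not (zone.get((name, "CNAME")) or keyed):  # empty p= is a revoked key
            return "not enabled: " + name
    return "enabled"

def domain_health(zone, domain, selectors=("selector1", "selector2")):
    return {"MX": "configured" if zone.get((domain, "MX")) else "missing",
            "SPF": spf_status(zone, domain),
            "DKIM": dkim_status(zone, domain, selectors),
            "DMARC": dmarc_status(zone, domain)}

SAMPLE_ZONE = {  # constructed records; (name, type) -> list of values
    ("contoso.com", "MX"): ["0 contoso-com.mail.protection.outlook.com."],
    ("contoso.com", "TXT"): ["v=spf1 include:spf.protection.outlook.com -all",
                             "v=spf1 ip4:192.0.2.10 ~all"],
    ("selector1._domainkey.contoso.com", "CNAME"):
        ["selector1-contoso-com._domainkey.contoso.onmicrosoft.com."],
    ("_dmarc.contoso.com", "TXT"): ["v=DMARC1; p=none; rua=mailto:dmarc@contoso.com"],
}
```

Calling `domain_health(SAMPLE_ZONE, "contoso.com")` on the constructed zone flags the duplicate SPF record and the missing selector2 record, two faults that a simple presence check would report as healthy.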

Removing a Domain

To remove a domain, complete these steps in order:

  1. Change UPN suffix of all users from this domain
  2. Remove all email addresses using this domain
  3. Delete or rename all groups using this domain
  4. Remove all SharePoint site collections using this domain
  5. Delete the domain from M365

Warning: The initial *.onmicrosoft.com domain cannot be removed. It will always remain associated with your tenant.

Graph API Endpoints

  • GET /domains
  • POST /domains
  • POST /domains/{id}/verify
  • GET /domains/{id}/serviceConfigurationRecords
  • DELETE /domains/{id}

API Reference

  • GET /api/identity/domains — List all domains in tenant
  • POST /api/identity/domains — Add new domain
  • POST /api/identity/domains/:id/verify — Verify domain ownership
  • GET /api/identity/domains/:id/dns-records — Get required DNS records
  • GET /api/identity/domains/:id/health — Check DNS configuration health