Adding multiple onmicrosoft.com domains in the same tenant

One of the basic, yet most compelling features of Office 365/Microsoft 365 is the ability to use your own custom domain name(s) with the service. It has been available since day one, and little has changed with it over the years. Apart from the continued tweaking of the Domain setup wizard, the most notable change in the process was changing the “domain added to another tenant” check as detailed in this article from few years ago.

Now, there’s another interesting development in the area. Namely, you can add more than one onmicrosoft.com domains. Add, but not verify, as those domains are obviously owned by Microsoft, and the admin UI currently does not expose any method for us to “verify” or “state our intent towards using” a given (additional) .onmicrosoft.com domain. But both the M365 Admin Center and the Azure AD blade will happily allow you to add such domains now, as illustrated below:

Because of the change introduced few years back and mentioned above, the UI will actually allow you to add any .onmicrosoft.com domain, even ones already in use by other organizations. In my case, both michevdev2.onmicrosoft.com and michevdev3.onmicrosoft.com correspond to other test Microsoft 365 tenants I use, yet no warning or error is surfaced when I try to add them. Since I do “own” these domains, I can go one step further and try to add the verification TXT record. To do so I simply login to the M365 Admin center for one of those tenants, go to Setup > Domains, select the onmicrosoft.com domain, click the DNS Records tab on top and add the relevant entry:

At this point, one can try to complete the verification process in the other tenant. Unsurprisingly, you will be met with an error message, informing you that the domain is already in use by another organization:

This of course is the expected behavior, with the check simply being implemented at a later stage. If you try the same process from the Azure AD blade, the error message will also inform you which exact tenant has the domain currently verified. Rather obvious, given the fact that this is default domain 🙂

Now, the question as to why am I stating useless facts might arise? Well, I’m not at liberty to discuss the details at this point, but the behavior detailed in this short article is an indicator of the work Microsoft is doing in preparation for delivering one of the most requested features. So stay tuned for additional information that will follow in the coming weeks/months.

/tease off

This entry was posted in Azure AD, Microsoft 365, Office 365. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.