I hope you’re all enjoying this beautiful Monday. It’s summer!
Some days ago I started this series of articles in which I’ll share some of my study notes for the SC-300. This is the Microsoft Identity and Access Administrator certification exam. Securing the identities is of the utmost importance. Some time ago I read this article that poses this question: is Azure Active Directory the weakest link in the chain? If malicious people manage to get hold of an identity, then they can do a lot of damage. Moreover, we want to make sure the members in our organization get the proper access to the resources they need to get their job done. While maintaining everything secure! What a challenge!
This is part 1 of the series, where I write about the very first topic covered in the exam: configuring and managing Azure AD roles.
Just to remind you what the first domain, Implement initial configuration of Azure AD, covers:
- configure and manage Azure Active Directory roles
- configure and manage custom domains
- configure and manage device registration options
- configure delegation by using administrative units
- configure tenant-wide settings
In this article I’d like to share my notes on the second skill, configure and manage custom domains.
Configure and manage custom domains
When you first create your organization in Azure AD, the system sets an initial domain name with the following format: organization.onmicrosoft.com. This will be your primary domain name for the time being. The initial domain name can’t be changed or deleted. A user in this organization would have an email address like this: firstname.lastname@example.org.
You can, however, add your own domain name to Azure AD, and set it as the primary one. The primary domain name is the default domain name for new users.
One thing to have in mind is that changing the primary domain to a new custom domain won’t change the user name of the existing users.
Adding a new custom domain
- Sign in to the Azure portal using a Global Administrator account.
- Navigate to Azure Active Directory and select Custom domain names from the menu on the left.
- Click on + Add custom domain on the top menu, and type the domain name you want to include. Don’t forget to include .com, .net, or any other top-level extension.
- The TXT record for the new domain will be displayed. You’ll use this information to configure the domain in your DNS provider. This is to verify the ownership of the domain.
I have my own domain registered in Azure AD, one I bought from Namecheap. I’m very happy with their services.
This is how it looks like there.
Every DNS provider is more or less the same. You have to click on Add new record, and choose TXT record. The @ under hostname means it’s the root domain. TTL means time to live, and it’s the time it takes for the cache of the DNS record to be refreshed. By default, Azure gives us one hour. This avoids too many queries to our domain name.
You can register subdomain names, such as europe.organization.com, but you have to first register the root domain (the @).These subdomains are verified automatically.
I hope you can see the importance of having your own domain registered in Azure AD. Your domain is your brand, it’s your name and how you want to be recognized.
If you want to read more about DNS, check my article Creating DNS Records for a Web App. Let me know what you think.
This is it for now. I want to keep it short and steady. If you’re also studying for the SC-300, please raise your hand and reach out. Let’s tackle this together!