WEBVTT 0:00:02.360000 --> 0:00:07.660000 In this video, we're going to take a look at custom domains associated 0:00:07.660000 --> 0:00:14.500000 with Azure AD. The topics that we're going to look at include the following. 0:00:14.500000 --> 0:00:20.760000 First, we'll talk about Azure AD domains in general, and then I'm going 0:00:20.760000 --> 0:00:26.540000 to demonstrate how to register a custom domain, which is actually relatively 0:00:26.540000 --> 0:00:29.960000 straightforward. 0:00:29.960000 --> 0:00:34.900000 Now, first of all, let's just go into some of the details here with Azure 0:00:34.900000 --> 0:00:43.380000 AD domains. When you create an Azure AD tenant, it is created with a default 0:00:43.380000 --> 0:00:49.580000 DNS domain, and it's going to be the name that you give it, 0:00:49.580000 --> 0:00:53.960000 .onmicrosoft.com. You can start to create cloud-based users. 0:00:53.960000 --> 0:01:00.060000 You can even synchronize users from on-prem, but if anyone wants to log 0:01:00.060000 --> 0:01:03.700000 in at that point, they're going to have to log in with whatever name you 0:01:03.700000 --> 0:01:07.640000 chose, tenant.onmicrosoft.com. 0:01:07.640000 --> 0:01:13.500000 You can also add custom domains, and hopefully the reasons for doing that 0:01:13.500000 --> 0:01:18.500000 are relatively obvious, relatively straightforward, but for things like 0:01:18.500000 --> 0:01:22.220000 making it easier on your users so they don't have to remember two different 0:01:22.220000 --> 0:01:24.480000 ways of logging in. 0:01:24.480000 --> 0:01:29.260000 You want them if they're logging in on-prem with yourcompany.com, 0:01:29.260000 --> 0:01:32.800000 you want them logging into their cloud applications the same way. 0:01:32.800000 --> 0:01:36.400000 For me, that's really the biggest reason for doing this, but there may 0:01:36.400000 --> 0:01:38.260000 be other reasons as well. 
0:01:38.260000 --> 0:01:44.020000 Keep in mind that it's actually required for federated authentication. 0:01:44.020000 --> 0:01:48.240000 If you're using Active Directory federated services, then you're going 0:01:48.240000 --> 0:01:53.140000 to have to have the exact same domain name in Azure AD as you have 0:01:53.140000 --> 0:01:59.740000 on-premises. One thing that you do want to know is that implementing a custom 0:01:59.740000 --> 0:02:05.860000 domain does require proof of domain ownership. 0:02:05.860000 --> 0:02:08.760000 And that makes sense. 0:02:08.760000 --> 0:02:12.620000 No matter what you're doing in Azure, there's a number of different places 0:02:12.620000 --> 0:02:14.380000 that you can implement custom domains. 0:02:14.380000 --> 0:02:20.160000 For example, if you have a web app and you want that web app to be associated 0:02:20.160000 --> 0:02:26.060000 with your domain, rather than the typical domain name that it would get, 0:02:26.060000 --> 0:02:29.920000 the typical public ID that it would get as part of Azure, then you're 0:02:29.920000 --> 0:02:36.000000 going to want a custom domain associated with that particular web application. 0:02:36.000000 --> 0:02:40.240000 And regardless of what you're associating a custom domain with, you have 0:02:40.240000 --> 0:02:42.820000 to have some proof that you actually own it. 0:02:42.820000 --> 0:02:47.260000 And in the case of Azure AD, I can't just put some kind of redirect in 0:02:47.260000 --> 0:02:48.980000 there because that doesn't make sense. 0:02:48.980000 --> 0:02:55.860000 So what Azure AD is going to do is ask you to implement a text entry or 0:02:55.860000 --> 0:03:00.820000 a mail, an MX record or a TXT record with specific settings so it can 0:03:00.820000 --> 0:03:05.100000 check and make sure that you've done that and therefore you own that domain. 
0:03:05.100000 --> 0:03:11.860000 It's really the only thing that is particularly complicated about implementing 0:03:11.860000 --> 0:03:13.660000 your custom domains. 0:03:13.660000 --> 0:03:19.500000 And so with that, what I'd like to do is I would like to go ahead and 0:03:19.500000 --> 0:03:21.020000 demonstrate this. 0:03:21.020000 --> 0:03:29.700000 Now, I currently have my dashboard open and I have it open to my new tenant 0:03:29.700000 --> 0:03:30.540000 that I've created. 0:03:30.540000 --> 0:03:34.460000 I created this in a different video. 0:03:34.460000 --> 0:03:39.020000 So I've got the INE AZ302.onmicrosoft.com. 0:03:39.020000 --> 0:03:43.640000 And what I'm going to do is I'm going to go into my Azure Active Directory 0:03:43.640000 --> 0:03:46.120000 for this particular directory. 0:03:46.120000 --> 0:03:49.000000 And of course, if you don't have it on the left, you can go to all services 0:03:49.000000 --> 0:03:52.260000 and find it, or you can do a search. 0:03:52.260000 --> 0:03:59.740000 Now within my AZ300.2, I am going to actually go down to custom domain 0:03:59.740000 --> 0:04:08.780000 names. And right now, I've got the domain name for this particular directory, 0:04:08.780000 --> 0:04:12.740000 which by the way, a lot of times if you forget the actual default directory 0:04:12.740000 --> 0:04:16.240000 name, it is here under custom domain names. 0:04:16.240000 --> 0:04:21.360000 Not that I would ever have that problem, but if I did, it's possible that 0:04:21.360000 --> 0:04:24.740000 I've come to this screen on many occasions because I create a lot of different 0:04:24.740000 --> 0:04:27.980000 and in my defense, I create a lot of different tenants. 0:04:27.980000 --> 0:04:30.420000 Anyways, enough about me. 0:04:30.420000 --> 0:04:33.620000 Let's go ahead and add a custom domain. 0:04:33.620000 --> 0:04:41.020000 I'm going to add a custom domain, hyneydemo.com. 0:04:41.020000 --> 0:04:44.240000 And I'm going to add that domain. 
0:04:44.240000 --> 0:04:49.840000 Now, when I add that domain, it's going to tell me that it's going to 0:04:49.840000 --> 0:04:54.880000 look for a TXT or an MX record in that domain. 0:04:54.880000 --> 0:05:00.420000 And my hope is that I set up this domain this morning and I'm hoping that 0:05:00.420000 --> 0:05:04.800000 it has had enough time to propagate. 0:05:04.800000 --> 0:05:12.760000 And I'm going to go ahead and open up another portal window here. 0:05:12.760000 --> 0:05:15.620000 So I can flip back and forth. 0:05:15.620000 --> 0:05:28.040000 Now on this portal window, I am going to actually switch to my main subscription 0:05:28.040000 --> 0:05:32.360000 and I'm going to go ahead and put in. 0:05:32.360000 --> 0:05:38.080000 See if it pulls it up. 0:05:38.080000 --> 0:05:42.660000 There's my DNS zone, hyneydemo.com. 0:05:42.660000 --> 0:05:49.180000 And it's pretty empty as you can see, but I want to add a record set. 0:05:49.180000 --> 0:05:55.380000 And the name of this is going to be @. 0:05:55.380000 --> 0:05:59.820000 I have an update. 0:05:59.820000 --> 0:06:01.340000 Very happy about that. 0:06:01.340000 --> 0:06:04.920000 So the name is @, the type, 0:06:04.920000 --> 0:06:09.380000 it's going to be a TXT. 0:06:09.380000 --> 0:06:11.160000 We'll just go ahead and do the TXT. 0:06:11.160000 --> 0:06:16.000000 And what else do we have here? 0:06:16.000000 --> 0:06:19.680000 So that destination or points to address, that's just the value that I'm 0:06:19.680000 --> 0:06:21.400000 going to put in there. 0:06:21.400000 --> 0:06:35.100000 And I'm going to set this TTL to be 3600 seconds. 0:06:35.100000 --> 0:06:45.280000 So I now have created a record that is going to be used to validate or 0:06:45.280000 --> 0:06:49.900000 verify that I actually own this particular domain. 0:06:49.900000 --> 0:06:53.840000 And in fact, notice that the domain is now verified. 0:06:53.840000 --> 0:06:55.400000 And that's really all I need to do. 
0:06:55.400000 --> 0:07:02.740000 Now I have the hyneydemo domain and it is associated with this Azure AD 0:07:02.740000 --> 0:07:08.900000 tenant. And now I can have users that are going to log in based on this 0:07:08.900000 --> 0:07:10.780000 particular domain name.