Azure AD DNS Verification for Custom Domain

D

Create the TXT record. App Services uses this record only at configuration time to verify that you own the custom domain. You can delete this TXT record after your custom domain is validated and configured in App Service.

To verify a custom domain name in Azure Active Directory (Azure AD), you need to create a specific DNS record in your public DNS zone. This DNS record is used by Azure AD to confirm that you own the domain.

The correct type of DNS record to create for domain verification in Azure AD is a TXT record. Specifically, you need to create a TXT record with a specific value that Azure AD provides to you when you initiate the domain verification process.

The value of the TXT record typically looks something like this:

MS=msXXXXXXXX

(where XXXXXXXX is a unique string of characters)

To create the TXT record, you need to log in to your DNS hosting provider's website or portal and add a new record to your public DNS zone. The exact process for doing this will vary depending on your DNS hosting provider, but in general, you will need to:

1. Navigate to the DNS management section of your provider's website or portal.
2. Find the option to add a new record and select TXT as the record type.
3. Enter the name of the record (usually the root domain name, such as contoso.com).
4. Enter the value of the TXT record that Azure AD provided to you.
5. Save the new record.

Once you have created the TXT record in your public DNS zone, you can return to the Azure AD portal and complete the domain verification process. Azure AD will check for the presence of the TXT record and verify that it contains the correct value. If everything checks out, Azure AD will confirm that you own the domain and add it to your Azure AD tenant.