Your company's local environment consists of a single Active Directory Domain Services (AD DS) domain.
You plan to offer your users single sign-on (SSO) access to Azure-hosted software-as-a-service (SaaS) applications that use Azure Active Directory (Azure AD) authentication. The tenant's current domain name is companycom.onmicrosoft.com.
You need to configure Azure AD to use company.com, the organization's owned public domain name.
What should you do?
You should add a Domain Name System (DNS) verification record at the domain registrar. This step is required to verify to Microsoft that you own the public DNS domain name in question. You perform the validation by creating either a text (TXT) or mail exchanger (MX) record in your DNS zone file at the registrar's website, using Microsoft-provided values. You can delete the verification record after Azure validates the domain for use with Azure AD.
You should not remove the companycom.onmicrosoft.com domain name from the Azure AD tenant. In fact, you cannot remove this domain name because Azure uses it to identify your directory uniquely across the entire Microsoft Azure global ecosystem.
You should not add a company.com user principal name (UPN) suffix to the AD DS domain. If you use a non-routable DNS domain in AD DS, then you may indeed be required to perform this action. However, the scenario does not specify what AD DS domain name is currently defined.
You should not run Azure AD Connect from a domain member server and specify the custom installation option. Configuring the proper public and private DNS domain names is one of the prerequisite steps that needs to be completed before you run the Azure AD Connect wizard for the first time.