Solution: the domain being federated cannot be configured as the default domain. To resolve the issue, promote a different domain as the default domain. To promote a domain as the default domain, log in to the Office 365 tenant and click Microsoft 365 admin center > navigation menu > Show all > Settings > Domains. You cannot federate the default domain (also known as the primary domain) in Microsoft Entra ID (formerly Microsoft Azure Active Directory).
In order to federate your Microsoft 365 tenant with an external identity provider (like Duo SSO), you must have added a custom domain to Microsoft 365. Hello, I am trying to federate 365 with Duo, but when I run the PS commands it says I can't federate my 365 default domain. Looks like the fix is to swap another domain in as default, then rerun the command. You cannot remove this domain as the default domain without replacing it with another default domain. I would like to explain that Office 365 does not allow you to change a federated domain to the default type, so that's why Office 365 suggests the "a.onmicrosoft.com domain" when you want to create users or objects using domain.com. Because the ADFS domain is federated and is the source of truth for that domain, you cannot make it the default of a different environment that can't directly create those resources.
Hence a federated domain cannot be set as the primary domain in Azure Active Directory; the primary domain can only be a managed domain. When you add a domain to O365 using the O365 admin portal, it alters your default domain to the new domain. O365 will not allow you to federate the default domain. Resolution: per this article from Microsoft, this can be resolved through the following steps.
Sign in to the Office 365 portal as a global administrator. On the Domains page, choose the domain you want to set as the default for new email addresses.