Currently, there is no way of differentiating an authorization server based on the domain for which it is created in Microsoft Exchange Server 2019 and Exchange Server 2016. As a result, you can't know if the selected authorization server is correct for the requesting user when building OAuth tokens. This update adds the parameter DomainName to New-AuthServer and Set-AuthServer to handle selection of a correct authorization server from a list of authorization servers present in a single on-premises Exchange organization to a multi-tenant deployment.
To fix this issue, install one of the following updates:
For Exchange Server 2019, install the Cumulative Update 7 for Exchange Server 2019 or a later cumulative update for Exchange Server 2019.For Exchange Server 2016, install the Cumulative Update 18 for Exchange Server 2016 or a later cumulative update for Exchange Server 2016.