When you make a change to a parent (top-level) domain that's verified in Office 365, Microsoft Azure, or Microsoft Intune, a child domain that's also verified doesn't inherit the changes. This issue may occur when you do one of the following:
Change the domain from standard to federated
Change the domain from federated to standard
Set domain authentication or federation configurations
Update the domain Active Directory Federation Services (AD FS) relying party trust
Verify domain ownership
To resolve this issue, delete the child domain, add and verify the parent domain, and then re-add the child domain.
Note After the parent domain is verified and the child domain is added, you don't have to verify the child domain because it inherits the settings (verification, authentication, and federation) from its parent.
This issue may occur if the child domain is verified before the parent domain is verified. When the child domain is verified first, verification and its settings are managed independently of the parent domain.
For example, you verify the corp.constoso.com domain. Later, you verify the contoso.com domain. When you verify corp.contoso.com, and ownership is proven, the namespace is created in Office 365 as a domain that's completely independent of contoso.com. Therefore, when you later verify contoso.com, any changes that are made to this new domain don't affect corp.contoso.com.
In certain cases, you may want to manage the child domain properties independent of the parent domain.