A child domain doesn't inherit parent domain changes in Microsoft 365, Azure, or Intune
PROBLEM
When you make a change to a parent (top-level) domain that's verified in Microsoft 365, Microsoft Azure, or Microsoft Intune, a child domain that's also verified doesn't inherit the changes. This issue may occur when you do one of the following:
- Change the domain from standard to federated
- Change the domain from federated to standard
- Set domain authentication or federation configurations
- Update the domain Active Directory Federation Services (AD FS) relying party trust
- Verify domain ownership
SOLUTION
To resolve this issue, delete the child domain, add and verify the parent domain, and then re-add the child domain.
Note
After the parent domain is verified and the child domain is added, you don't have to verify the child domain because it inherits the settings (verification, authentication, and federation) from its parent.
MORE INFORMATION
This issue may occur if the child domain is verified before the parent domain is verified. When the child domain is verified first, verification and its settings are managed independently of the parent domain.
For example, you verify the corp.constoso.com domain. Later, you verify the contoso.com domain. When you verify corp.contoso.com, and ownership is proven, the namespace is created in Microsoft 365 as a domain that's completely independent of contoso.com. Therefore, when you later verify contoso.com, any changes that are made to this new domain don't affect corp.contoso.com.
In certain cases, you may want to manage the child domain properties independent of the parent domain.
REFERENCES
Still need help? Go to Microsoft Community or the Microsoft Entra Forums website.
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for