Seville, Spain
Yesterday, I encountered a classic scenario. A client, an engineering consultancy here in Seville, had just signed up for Microsoft 365 Business Standard. They were excited to start using Teams and have professional email. The manager called me, a bit confused:
"Hey, I created a user for my partner, but her email is [email protected]. Is that right? It looks... weird. I want it to be [email protected], that's why I registered it!"
This is, without a doubt, one of the first (and most logical) questions that arise when entering the Microsoft ecosystem. It's a rite of passage.
That .onmicrosoft.com domain is not an error, nor is it a temporary placeholder. It is the foundation upon which your entire digital office will be built. But, obviously, it's not the facade you want your clients to see.
Today, we're going to demystify this. We'll talk about digital identity, why Microsoft "gifts" you that ugly domain, and how (and why) you should add your own custom domain.
For years, when we talked about users in the Microsoft cloud, we talked about Azure Active Directory (Azure AD). It was the service that managed who could get in and to what.
But in the last year, Microsoft has renamed it to Microsoft Entra ID.
Is it just marketing? Not exactly. The name "Azure AD" was confusing. It made people think (rightly so) that it was the cloud version of the traditional "Active Directory," the one you had on a Windows server in a closet. And while they are conceptually similar (they manage users and permissions), they are very different technologies.
"Azure AD" fell short because this service no longer just provides access to "Azure" things. It provides access to everything:
Microsoft Entra ID is the new name for Microsoft's universal identity system. It is the digital ID, the passport, and the bouncer for your entire organization. It is the "Entrance" (hence "Entra") to all your services.
Okay, if Entra ID is the ID system, what is the .onmicrosoft.com domain?
When you sign up for any Microsoft 365 or Azure service, Microsoft needs to create a unique "space" for your company in its global cloud. This space is called a Tenant. It is your digital plot of land, isolated from the millions of other companies using the same cloud.
The problem is: how do they uniquely identify you across the entire planet?
They could ask for your domain (mycompany.es), but at that precise moment, they can't know if it truly belongs to you. They need a unique and unrepeatable name to create your tenant right then and there.
The solution is that they ask you to choose a name (e.g., mycompany) and they add the suffix .onmicrosoft.com, which they control. Thus, mycompany.onmicrosoft.com becomes the unique global identifier of your tenant.
I like to use a car analogy:
Your .onmicrosoft.com domain is like the Vehicle Identification Number (VIN) of your car. It is unique, comes from the factory, is permanent, and identifies it unambiguously.
Your custom domain (mycompany.es) is the license plate. It is the public identity, the one you use to be recognized, and you can (in a way) change it.
That .onmicrosoft.com domain is permanent. It cannot be deleted or changed. It remains there forever as the internal identifier of your organization for Microsoft. You will see it in some places, like in the internal URL of your SharePoint (mycompany.sharepoint.com), but in day-to-day use, you and your employees should never use it.
If .onmicrosoft.com is the chassis, your custom domain is what gives you professionalism. Using a custom domain is not optional; it is step 1 of a serious setup.
1. For Brand Image Alone: Sending an email from [email protected] is not the same as from [email protected]. The first screams "amateur" or "half-configured." The second inspires trust and coherence.
2. For Identity Cohesion (SSO): The goal of a modern identity system is Single Sign-On (SSO). You want your employee, lucia.gomez, to use a single identity for everything:
[email protected]
[email protected]
[email protected]
This unique username, which matches the email, is called the User Principal Name (UPN). For this to work, Microsoft has to "know" that the domain mycompany.es belongs to you.
3. For Control: By adding your domain, you are telling Microsoft: "Hey, this brand is mine. I will manage who can have an identity with this name."
"Okay, you've convinced me. How do I do it?"
The process is quite simple if you know where to look. You need two things: Administrator access to your Microsoft 365 portal and access to the control panel of your domain registrar (where you bought the .es or .com, like GoDaddy, Namecheap, etc.).
Step 1: Go to the admin center
Log in to admin.microsoft.com with your administrator account (the one ending in .onmicrosoft.com).
Step 2: The "Domains" section
In the left-hand menu, go to Settings > Domains. There you will see your .onmicrosoft.com domain listed. Click on "Add domain".
Step 3: Enter your domain
Enter your domain name, for example, mycompany.es, and click "Use this domain".
Step 4: The Verification (The key step)
This is where Microsoft asks you to prove that you own that domain. It's like being asked to put a specific sticker on your house window to prove it's yours.
Microsoft will give you several options, but the most common and recommended is "Add a TXT record".
It will give you some values, something like this:
Type: TXT
Host: @ (or leave it blank, depending on your provider)
Value: MS=ms12345678 (this will be a unique code for you)
Step 5: Configure your DNS
Now, open another browser tab and go to your domain provider (GoDaddy, etc.). Look for the "Manage DNS" or "Zone Management" section. Add a new record with the exact data Microsoft gave you.
Save the changes.
Step 6: Go back to Microsoft and Verify
Go back to the Microsoft admin tab and click "Verify".
Note! DNS changes can take a little while to propagate across the internet. Sometimes it's instant, sometimes it takes 15 minutes, and in rare cases, up to an hour. If it fails, have a coffee and try again.
Once verified, you're done! You've told Microsoft that mycompany.es belongs to you.
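When "Verify" keeps failing after the propagation window, the usual cause is that the TXT record landed on the wrong name or carries a mangled value. The following pre-check is an added example, not part of the original post or any Microsoft tool; it assumes the provider treats the Host field like a relative name in a zone file, and the function names, sample records and SPF string are constructed for illustration.

```python
def owner_name(host, zone):
    """FQDN that a panel 'Host' entry creates, using zone-file rules (assumption)."""
    zone = zone.rstrip(".").lower()
    host = host.strip().lower()
    if host in ("", "@"):
        return zone                      # "@" or blank means the domain itself
    if host.endswith("."):
        return host.rstrip(".")          # trailing dot: already fully qualified
    return f"{host}.{zone}"              # relative name: the zone gets appended


def clean(value):
    """Strip the quotes and whitespace that DNS panels and dig output add."""
    return value.strip().strip('"').strip()


def check_verification(records, zone, expected):
    """Classify the MS= TXT record before clicking Verify.

    records: iterable of (host, type, value) exactly as typed into the DNS panel.
    Returns (status, detail) with status ok / wrong-host / value-mismatch / missing.
    """
    apex = zone.rstrip(".").lower()
    near_miss = None
    for host, rtype, value in records:
        if rtype.upper() != "TXT":
            continue
        name, text = owner_name(host, zone), clean(value)
        if text == expected:
            if name == apex:
                return ("ok", name)
            near_miss = near_miss or ("wrong-host", name)
        elif name == apex and text.upper().startswith("MS="):
            near_miss = near_miss or ("value-mismatch", text)
    return near_miss or ("missing", apex)


# Constructed sample data; the token is the placeholder value shown above.
ZONE, TOKEN, SPF = "mycompany.es", "MS=ms12345678", "v=spf1 -all"
GOOD = [("@", "TXT", SPF), ("", "txt", '"MS=ms12345678"')]
DOUBLED = [("mycompany.es", "TXT", TOKEN)]   # becomes mycompany.es.mycompany.es
TYPO = [("@", "TXT", "MS=ms1234567")]        # last digit lost when copying

if __name__ == "__main__":
    for label, recs in (("good", GOOD), ("doubled", DOUBLED), ("typo", TYPO)):
        print(label, check_verification(recs, ZONE, TOKEN))
```

A "wrong-host" result means the token exists but on a subdomain, so the fix is to re-enter the record with @ or a blank host rather than to wait longer.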
Step 7 (The most important): Change your users
The domain is added, but your users are still [email protected]. You need to change them.
Go to Users > Active users. Click on a user (for example, Lucía). In her "Account" tab, you will see her username. Click on "Manage username" and, in the dropdown on the right, select your new domain mycompany.es.
Save the changes. Lucía's login (her UPN) will now be [email protected]. The next time she logs into Teams, Windows, or any app, she must use this new username.
In the old days of computing, the company's security was the firewall, the castle wall. Today, with people working from home, from their mobile phones, and using apps in the cloud, the security perimeter is the user's identity.
Knowing what Entra ID is means understanding who is guarding the gate.
Understanding .onmicrosoft.com means knowing the foundations of your building.
And configuring your custom domain is like putting the illuminated sign on the facade. It is not a cosmetic step; it is the fundamental step to unify your brand, professionalize your teams, and take control of your security in the cloud.