I’ve been working on setting up Azure with Okta, and I wanted to use a subdomain (foo.bar.com) for federation and authentication.
After spending some time researching, I found that I needed to:
To do this, go to the Graph Explorer and execute the following command:
POST https://graph.microsoft.com/v1.0/{tenant-id}/domains/foo.bar.com/promote
Then, to verify it worked:
GET https://graph.microsoft.com/v1.0/domains/foo.bar.com/
Note: You will likely need to consent to some additional permissions.
You should see a response similar to this:
{
"authenticationType": "Federated",
"availabilityStatus": null,
"isAdminManaged": true,
"isDefault": false,
"isDefaultForCloudRedirections": false,
"isInitial": false,
"isRoot": true, <---------------- This is what you are looking
"isVerified": true,
"name": "foo.bar.com",
"supportedServices": [],
"forceDeleteState": null,
"state": null,
"passwordValidityPeriodInDays": null,
"passwordNotificationWindowInDays": null
},
That’s pretty much it!
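The isRoot check above can be run across every domain in a tenant to see which subdomains can carry their own authentication type. This is an added example, not code from the original post or from Microsoft; the sample data is constructed, the function names are hypothetical, and it assumes a non-root subdomain follows the authentication type of its parent root domain.

```python
import json

# Constructed sample shaped like a GET /v1.0/domains list response; not real tenant data.
SAMPLE = json.loads("""{"value": [
 {"name": "bar.com",     "authenticationType": "Managed",   "isRoot": true,  "isVerified": true},
 {"name": "foo.bar.com", "authenticationType": "Federated", "isRoot": true,  "isVerified": true},
 {"name": "dev.bar.com", "authenticationType": "Managed",   "isRoot": false, "isVerified": true}
]}""")["value"]


def domain_name(d):
    # The response on this page uses "name"; fall back to "id" if that is what is returned.
    return (d.get("name") or d.get("id") or "").lower()


def parent_root(name, domains):
    """Closest root domain in the tenant that `name` is a subdomain of, else None."""
    roots = {domain_name(d): d for d in domains if d.get("isRoot")}
    labels = name.lower().split(".")
    for i in range(1, len(labels) - 1):      # stop before the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in roots:
            return roots[candidate]
    return None


def federation_status(name, domains):
    """Report whether `name` can carry its own authentication type."""
    match = next((d for d in domains if domain_name(d) == name.lower()), None)
    if match is None:
        return None                          # domain is not in the tenant
    if match.get("isRoot"):
        return {"name": name, "independent": True, "inherits_from": None,
                "effective_auth": match.get("authenticationType"),
                "verified": bool(match.get("isVerified"))}
    parent = parent_root(name, domains)
    return {"name": name, "independent": False,
            "inherits_from": domain_name(parent) if parent else None,
            # Assumption: a non-root subdomain follows its parent root's setting.
            "effective_auth": (parent or match).get("authenticationType"),
            "verified": bool(match.get("isVerified"))}


if __name__ == "__main__":
    for d in SAMPLE:
        print(federation_status(domain_name(d), SAMPLE))
```

A subdomain reported with "independent": False still needs the promote call before it can be federated separately from its parent.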
REFERENCES:
https://learn.microsoft.com/en-us/entra/identity/users/domains-verify-custom-subdomain