Adding branded URLs to authentication with Microsoft Entra External ID Custom URL Domains

Samiksha Gupta

We are excited to announce the Public Preview of Custom URL Domains for Microsoft Entra External ID that enable you to replace default Microsoft authentication domain endpoints with your own brand names.

Custom URL domains are designed to provide flexibility and customization for the authentication journey.

In this blog post, we explore custom URL domains and how to configure them.

What are custom URL domains?

Custom URL domains provide you with a unique, personalized domain endpoint. You can add, verify, and use this domain for your application’s sign-in experience. By replacing the default Microsoft authentication endpoint with your own chosen domain, you can reflect your brand or business identity.

Why use custom URL domains?

Custom URL domains enhance the user experience by unifying the login experience with your brand, fostering loyalty and trust.

By avoiding third-party redirections, you ensure that users remain immersed in your brand environment, reducing confusion. A consistent experience ensures that users feel confident and secure, knowing their interactions occur within a familiar branded context.

Consider, for example, Contoso Ltd., who have their main website at Instead of using their Microsoft authentication domain,, users can be directed to for access and remain within a branded authentication environment.

Staying on the same domain during sign-in helps mitigate the impact of third-party cookie blocking. Many browsers block third-party cookies (cross-domain cookies) on requests to domains other than the domain shown in the browser’s address bar. For more information, see our docs.

How custom URLs work

You can configure custom URL domains in the Microsoft Entra Admin Center under: Settings > Domain names > Custom URL domains

  • Add your custom domain name
  • Finish the verification process by adding the TXT details in your DNS
  • Enable the verified domain to use it as a custom URL domain

With this release, you must configure Azure Front Door as a reverse proxy and add your custom URL domain in that instance.

The following diagram illustrates the Azure Front Door integration:

[Diagram: Azure Front Door integration]

Note: After configuring custom URL domains, your existing authentication at <tenant-name> will continue to function. However, users will need to log in again when switching to custom URL domains as existing sessions will no longer be valid.

For more information and detailed configuration guides, please check out our docs.

Participate in the Public Preview

We are actively looking for customers to participate in the Public Preview of this new feature. Explore the docs above to learn how custom URL domains work and how to enable them for Microsoft Entra External ID. Your feedback is important to us. Please let us know what you think about this new capability!

Let’s stay connected

To learn more or test out features of the Microsoft Entra portfolio, visit our developer center. Sign up for email updates on the Identity blog to keep up with all things Identity. And follow us on YouTube for video overviews, tutorials, and deep dives.

