How to create a new Azure tenant for another company

Question

How to create a new Azure tenant for another company

Xolex Nguyen 20

Hi everyone,

Currently, I need to deploy an app on Microsoft Azure for a customer who is currently using Microsoft 365 with the tenant company.onmicrosoft.com. The customer wants me to create a new Azure tenant separate from their existing Microsoft 365 tenant, using the same email domain (@company.com) and a different tenant ID, such as company2.onmicrosoft.com. Is that possible?

Thanks

Xolex

0 comments

Answer accepted by question author

Marcin Policht 90,645 MVP Volunteer Moderator

A few things to clarify:

A Microsoft 365 tenant = an Entra ID tenant.
A **custom domain (like company.com) can only be verified and assigned to one tenant at a time.
The initial something.onmicrosoft.com domain is unique and permanently tied to that tenant—it can’t be duplicated or moved.

So, in your scenario:

The customer already has a Microsoft 365 tenant (company.onmicrosoft.com) where the custom domain company.com is registered.
You can absolutely create a brand-new Entra ID / Azure tenant (company2.onmicrosoft.com). That part is straightforward.
However, you cannot attach company.com to both tenants at the same time. Microsoft enforces this to prevent conflicts in user identity and sign-in.
To use the same @company.com addresses in the new tenant, you would first need to remove company.com from the existing tenant, which would break the customer’s Microsoft 365 services tied to that domain.

Options you have:

Keep a single tenant: Recommended if the customer wants unified identity and access with their @company.com accounts.
Create the second tenant (company2.onmicrosoft.com) but only use its default domain or add a different custom domain (e.g., apps.company.com, company2.com).
If the reason is separation of workloads (e.g., testing, dev, or isolation), you can use multi-tenant apps, guest access (B2B), or cross-tenant synchronization instead of moving the domain.

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Xolex Nguyen 20 Reputation points

2025-09-08T03:49:57.9733333+00:00
Hi Marcin,

Thank you so much for your detailed clarification and solution.

Regarding the options you mentioned, the option "Create the second tenant (company2.onmicrosoft.com) but only use its default domain or add a different custom domain (e.g., apps.company.com, company2.com)" is what I mean.

As I mentioned initially, I need to create a new Azure tenant (whichever the xxx.onmicrosoft.com domain is, not need to algin with the domain company.com), but the root administrator is ******@company.com - that's fine.

=> So, from your comment, I understand that the only way to do this is:

Create a second tenant (company2.onmicrosoft.com) but only use its default or a different domain

Invite the ******@company.com to the 2nd tenant as a member and assign the "Global admin" role

Is it correct?

=> and how to create a new one using a default domain? Or do I need to use a personal email address to create the new first and then invite user@?

May I use the email address ******@company.com to create a new default domain tenant (xxx.onmcirosoft.com)?

Many thanks

Xolex
Marcin Policht 90,645 Reputation points MVP Volunteer Moderator

2025-09-08T11:58:10.2966667+00:00
You can create a brand-new Entra ID (Azure AD) tenant at any time. Microsoft will automatically assign it a unique default domain like something.onmicrosoft.com. The account you use to create the tenant (sign-up email) becomes the first Global Administrator of that new tenant.

The custom domain company.com is already verified and tied to the existing tenant (company.onmicrosoft.com). You cannot add or verify company.com in the new tenant unless you first remove it from the existing tenant — which would break M365 for the customer. So the new tenant will only use its default domain (e.g., company2.onmicrosoft.com) or another custom domain you control (like apps.company.com).

You can absolutely sign up for a new tenant using ******@company.com. That email address does not have to belong to the new tenant. It just receives the invitation/verification email. In fact, that’s a common way to bootstrap a new tenant. Microsoft will create the new tenant and make ******@company.com the first Global Admin. The new tenant will not own company.com — it will just treat ******@company.com as an external admin identity.

To implement it, use the following procedure:

Go to the Azure Portal → top-right tenant switcher → Create a tenant.

Type: Entra ID (Microsoft Entra ID).

Give it a name (e.g., "Company Dev Tenant").

Microsoft assigns the default domain: company2.onmicrosoft.com.

After creation:

******@company.com is the initial Global Admin in that tenant.

No need to use a personal email; your work email is fine.

Later, you can invite other users (e.g., more @company.com accounts) as guests and promote them to admins if needed.

In other words, your understanding is correct:

Step 1: Create second tenant (company2.onmicrosoft.com, default domain).

Step 2: Sign up with ******@company.com — that becomes Global Admin right away.

Step 3 (optional): Invite additional @company.com users as members/guests and assign roles.

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin
Xolex Nguyen 20 Reputation points

2025-09-19T06:27:11.57+00:00

Hi Marcin, I got it. Thanks for your help.

1 additional answer

Your answer

Xolex Nguyen 20 Reputation points

2025-09-08T03:49:57.9733333+00:00

Hi Marcin,

Thank you so much for your detailed clarification and solution.

Regarding the options you mentioned, the option "Create the second tenant (company2.onmicrosoft.com) but only use its default domain or add a different custom domain (e.g., apps.company.com, company2.com)" is what I mean.

As I mentioned initially, I need to create a new Azure tenant (whichever the xxx.onmicrosoft.com domain is, not need to algin with the domain company.com), but the root administrator is ******@company.com - that's fine.

=> So, from your comment, I understand that the only way to do this is:

Create a second tenant (company2.onmicrosoft.com) but only use its default or a different domain

Invite the ******@company.com to the 2nd tenant as a member and assign the "Global admin" role

Is it correct?

=> and how to create a new one using a default domain? Or do I need to use a personal email address to create the new first and then invite user@?

May I use the email address ******@company.com to create a new default domain tenant (xxx.onmcirosoft.com)?

Many thanks

Xolex
Xolex Nguyen 20 Reputation points

2025-09-19T06:27:11.57+00:00

Hi Marcin, I got it. Thanks for your help.

Answer 1

Anonymous

Hi Xolex,

it’s possible to create a new Azure AD (Microsoft Entra ID) tenant with its own default domain, for example company2.onmicrosoft.com. This new tenant will be completely independent of the existing Microsoft 365 tenant (company.onmicrosoft.com).

Custom Domain Limitation:

A custom domain (e.g., company.com) can only be verified in one Azure AD tenant at a time. If @company.com is already added and verified in the existing Microsoft 365 tenant, it cannot also be verified in a second tenant simultaneously.

Options / Workarounds:

If there’s a requirement to use the same domain in the new tenant, it would first need to be removed (unverified) from the existing tenant. However, this is generally not feasible since the current Microsoft 365 services rely on it.

A more practical approach is to verify a subdomain in the new tenant, for example:

apps.company.com

cloud.company.com

Subdomains can be verified in a different tenant even when the root domain (company.com) is already in use.

Tenant Separation:

Using company2.onmicrosoft.com as the default tenant domain is fully supported. However, if user sign-ins or app deployments require a custom domain, you’ll need to rely on the subdomain strategy, unless the existing Microsoft 365 tenant is being migrated.

I hope this answers your query.

Regards,

Aman

Anonymous

2025-09-15T08:32:39.1066667+00:00

Hi Xolex,

Could you please confirm if my response addressed your query, or let me know if you need any further clarification.

Thanks
Anonymous

2025-09-16T09:15:40.46+00:00

Hi Xolex, Kindly confirm if the provided answer resolves your query. If so, please mark this answer as accepted. Should you need any further details, feel free to reach out. Thanks.
Xolex Nguyen 20 Reputation points

2025-09-19T06:29:05.3466667+00:00

Hi Aman, thanks for your help. It was also mentioned in Marcin's response. I understood.

Share via

How to create a new Azure tenant for another company

1 additional answer

Your answer