Hi @Paul Hill (TMI Systems - Development) ,
Thanks for reaching out.
It seems that you want to move the domain which hosts your Teams app authentication flow to Domain B. However, you are concerned that changing the "Application ID URI" in the "Entra -> App Registration -> [App Name] -> Expose an API" section would break authentication for all the existing users of the app using Domain A.
You are correct that the "Application ID URI" must match the tab domain to avoid the "App resource defined in manifest and iframe origin do not match" error. Unfortunately, it is not possible to have multiple valid Application ID URI's.
One possible solution is to create a new app registration in Entra for the new domain and update the manifest.json to point to the new app registration. You can then gradually migrate your users to the new app registration by prompting them to re-authenticate with the new domain. This way, you can avoid breaking authentication for all the existing users of the app using Domain A.
Hope this will help.
Thanks,
Shweta