![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 72%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJL%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 99%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Domain verification for logicx-ai.com fails even though TXT and MX records resolve publicly because Microsoft Entra ID must see the verification record in the authoritative DNS zone and the domain must not already be verified in another tenant.
Based on the documented behavior, the following checks and actions are required:
- Confirm the authoritative DNS and record placement
- The TXT or MX record must be created in the DNS zone that is authoritative for logicx-ai.com.
- If the domain’s nameservers point to another provider (for example, Microsoft 365 nameservers such as
ns1.bdm.microsoftonline.com), then records created only at GoDaddy are ignored. In that case, the TXT/MX verification record must be created in the DNS system of the authoritative provider (for example, Microsoft 365 DNS), not just at the registrar. - Ensure the TXT record is at the root of the domain (logicx-ai.com) and not on a subdomain, unless verifying a subdomain specifically. For Entra ID custom domain verification, the hostname must not be empty or
@when verifying a subdomain; for the root domain, it must be associated correctly with the root.
- Verify the record value is exactly as provided
- The TXT value must include the full string, including the
MS=prefix, for exampleMS=ms90319775. - Any deviation (extra spaces, missing
MS=, quotes handled incorrectly by the DNS host) will cause verification to fail. - Microsoft 365 guidance explicitly calls out missing
MS=or unsaved zone changes as common causes of verification failure.
- The TXT value must include the full string, including the
- Allow for DNS propagation and retry
- DNS propagation can take an hour or more depending on TTL and provider behavior. The guidance is to wait at least an hour and then retry verification in the Microsoft Entra admin center.
- If verification still fails, re-check the record at the authoritative DNS host (not only via public resolvers) to ensure it is present and saved.
- Ensure the domain is not already verified in another directory
- A custom domain can only be verified in one Microsoft Entra tenant at a time.
- If logicx-ai.com is already verified in another Entra ID/Microsoft 365 tenant (including unmanaged tenants created by self-service sign-up, such as Power BI), verification in a new tenant will always fail.
- To resolve this, the domain must be deleted from the old tenant before it can be verified in the new one. If there is an unmanaged tenant, an admin must take over that directory and then remove the domain.
- Re-run verification from the correct tenant and role
- Sign in to the Microsoft Entra admin center as at least a Domain Name Administrator.
- Confirm the correct tenant is selected.
- Go to Entra ID → Domain names → select logicx-ai.com → Verify.
If all of the above are correct (authoritative DNS, exact TXT/MX value, propagation time, and the domain is not present in any other tenant), verification should succeed. Backend “negative cache flush” or manual verification is not documented as a supported path; instead, the documented resolution is to correct DNS placement/values and remove any conflicting verification in other tenants.
References: