The domain portion of the userPrincipalName is invalid

Question

Hello, I am trying to set up a new domain for my email and get this error - The domain portion (sample.com) of the userPrincipalName is invalid. I have logged into Entra and verified that this domain is on the verified list. I have not made it to the update DNS screen of the set up wizard and so not sure if I need to wait the prescribed 72 hrs for it to update?

Specifically, I am in the M365 Admin center under Set up domain > Overview > Add domain > Set email addresses > Your email address - this is where the error occurs.

Answer 1

Dear @Jasmine Trojanowski,

Good day! Welcome to Microsoft Q&A forum!

Based on your description, I understand that you’re trying to add a new domain for email in Microsoft 365, but you’re receiving an error stating that the domain portion of the userPrincipalName is invalid. Although the domain already appears as verified in Entra ID, the error occurs during the “Set email addresses” step in the M365 Admin Center, before reaching the DNS update stage. You’re unsure whether this is a sync delay and whether you need to wait for the expected propagation period before continuing.

In many cases, this behavior is related to backend replication and propagation timing between Entra ID and the Microsoft 365 Admin Center. Even though the domain appears as verified, it can take 24–48 hours for all Microsoft services to fully recognize and allow the domain to be used for userPrincipalName (UPN) assignments and email addresses.

At this stage, I recommend that you should wait 24–48 hours and then try setting the email address again in the Microsoft 365 Admin Center.

If the issue persists beyond 48 hours, the next best step would be to raise a support ticket with Microsoft. At that point, support can check for:

• Stuck or incomplete backend domain replication
• Conflicts with existing tenant settings
• UPN validation issues if applicable

Please note that this is a community forum where users help one another. We do not have control over user accounts, including login issues, password resets, or access changes.

After 48 hours and the issue is still there, here’s what your Microsoft 365 Global Admin should do next:  

Submit a Service Request: The Global Admin should create a service request with Microsoft support to get advanced technical assistance and diagnostics. For detailed instructions on how to get support, please refer to Get support - Microsoft 365 admin. 

Thank you for your patience and understanding!

---

If you have extra questions about this answer, please click "Comment". 

Note: Please follow the steps in [our documentation] to enable e-mail notifications if you want to receive the related email notification for this thread. 

Answer 2

The error indicates that the domain portion of the userPrincipalName (UPN) is not being accepted yet as a valid, routable domain for account sign‑in and email, even though it appears in the verified list.

Use these checks and steps:

1. Confirm the domain is fully verified, not just added
   • In the Microsoft 365 admin center, go to Setup → Domains.
   • Check the Status column for the domain:
     • If it shows any issue, select the three dots (…) → Check health and follow the guidance.
   • If the domain is still in a “verification” state, complete TXT verification and wait for it to show as Verified.
2. Re‑check the TXT verification record
   • If verification is failing or stuck, the TXT record may be slightly wrong.
   • Ensure the TXT record value exactly matches what Microsoft 365 provided, including the MS= prefix.
   • Make sure the record is saved at the DNS host and has had time to propagate. It can take a few minutes to a few hours.
3. Understand the 72‑hour guidance
   • For new domains, MX and other DNS changes can take up to 72 hours to propagate globally.
   • However, the UPN/domain validation error at the “Set email addresses” step is usually about domain verification and health, not MX propagation. The domain must be fully verified and healthy before it can be used in UPNs.
4. If domain verification is complete but the error persists
   • Use Setup → Domains → [your domain] → Check health to see if any service‑specific issues are reported.
   • If the domain was recently verified, wait a short period (typically up to a few hours) and try the wizard again, as backend directory/domain sync can be slightly delayed.

If the domain shows as fully verified and healthy and the error continues beyond normal propagation time, contact Microsoft 365 support from Microsoft 365 admin center → Help & Support → Contact support for tenant‑specific investigation.

---

References:

• Find and fix issues after adding your domain or DNS records
• Email messages aren't received for a new domain that you add in the Microsoft 365 portal
• Error message when you try to verify a domain in Office 365