Domain Change / Alias Swap Office 365 vs Proofpoint

Created by Yves Lacombe, Modified on Thu, 18 May, 2023 at 3:10 PM by Yves Lacombe

PROBLEM/ISSUE


You or one of your clients has a tenant in office365 and want to change their primary domain to something else.


Example:


MyWidgets.com Wants to be turned into MyGadgets.com


This has several implications on the proofpoint side and the office365 side.  Here's the best way to get to where you want to go on both sides.



PROCESS



First, I'm making a couple of assumptions.

a. They are keeping their old domain around for a while.

b. You will first create the new domain in office365 as an aliased domain (MyGadgets.com) and every user will have their primary address as being jimbob@MyWdigets.com with an alias of jimbob@MyGadgets.com

c. When the time comes, you'll switch the primary domain with the aliased domain on the office365 side.



On the proofpoint side, we need to proceed like this:

1. Declare MyGadgets.com as a domain and make sure that it's pointing to same tenant as MyWidgets.com
2. Assuming you declared already the domain in O365 (assumption a & b above), force a sync on the proofpoint side
3. The aliases should populate properly in proofpoint.  Wait one hour.
4. Check mail flow to make sure both  jimbob@MyWidgets.com with an alias of jimbob@MyGadgets.com (send test emails).  
5. Once confirmed ...  change the MX record for MyWidgets.com to point to proofpoint
6. TURN OFF THE SYNC on the proofpoint side (Set sync frequency to NEVER under Azure AD)
7. Do your swap on the office365 side (ie: assumption (c))
8. [VIRCOM] needs to  run an alias swap manually  to swap the users and their aliases so they don't loose their user wl/bl and quarantine contents (which implies this needs to be scheduled with our professional services team ahead of time)
9. Once we did the swap on the proofpoint side, we can force a manual sync to see if anything broke
10. Fix whatever is broken, then re-enable the sync
11. Job's done.


You need to involve us (Vircom) for step #8 to do the alias swap using API-based tools if you don't want to lose the user trusted & blocked lists, and their quarantined items.