Domain Change / Alias Swap Office 365 vs Proofpoint

Created by Yves Lacombe, Modified on Thu, 18 May 2023 at 03:10 PM by Yves Lacombe


You or one of your clients has a tenant in Office 365 and wants to change its primary domain to something else.

Example: Wants to be turned into

This has several implications on the Proofpoint side and the Office 365 side. Here's the best way to get to where you want to go on both sides.


First, I'm making a couple of assumptions.

a. They are keeping their old domain around for a while.

b. You will first create the new domain in Office 365 as an aliased domain ( and every user will have their primary address as being with an alias of

c. When the time comes, you'll switch the primary domain with the aliased domain on the Office 365 side.

On the Proofpoint side, we need to proceed like this:

1. Declare as a domain and make sure that it's pointing to the same tenant as
2. Assuming you have already declared the domain in O365 (assumptions a and b above), force a sync on the Proofpoint side.
3. The aliases should populate properly in Proofpoint. Wait one hour.
4. Check mail flow to make sure both with an alias of (send test emails).  
5. Once confirmed ... change the MX record for to point to Proofpoint
6. TURN OFF THE SYNC on the Proofpoint side (set sync frequency to NEVER under Azure AD).
7. Do your swap on the Office 365 side (i.e., assumption c).
8. [VIRCOM] needs to run an alias swap manually to swap the users and their aliases so they don't lose their user trusted/blocked lists (wl/bl) and quarantine contents (which implies this needs to be scheduled with our professional services team ahead of time).
9. Once we have done the swap on the Proofpoint side, we can force a manual sync to see if anything broke.
10. Fix whatever is broken, then re-enable the sync
11. Job's done.

You need to involve us (Vircom) for step #8 to do the alias swap using API-based tools if you don't want to lose the user trusted & blocked lists, and their quarantined items.
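
A pre-swap readiness check to run before step 7, as an added example that is not part of the original article or Vircom's tooling: it reads a user export and flags users who do not have the old-domain primary paired with a matching new-domain alias, which is what assumption (b) expects. The domains `old.example` and `new.example`, the CSV layout, and the function names are assumptions made for illustration.

```python
import csv
import io

# Assumed placeholder domains; the real domain names are not shown on the page.
OLD_DOMAIN = "old.example"
NEW_DOMAIN = "new.example"

# Constructed sample export: one row per user, aliases separated by ';'.
SAMPLE_EXPORT = """primary,aliases
alice@old.example,alice@new.example
bob@old.example,bob@new.example;robert@old.example
carol@old.example,
dave@old.example,david@new.example
erin@new.example,erin@old.example
"""

def split_addr(addr):
    """Return (local_part, domain), lower-cased."""
    local, _, domain = addr.strip().lower().rpartition("@")
    return local, domain

def check_swap_readiness(export_text, old=OLD_DOMAIN, new=NEW_DOMAIN):
    """Classify each user before the primary/alias swap.

    ready         primary on old domain, same local part aliased on new domain
    missing_alias primary on old domain, no alias on the new domain
    mismatch      new-domain alias exists but with a different local part
    already_new   primary is already on the new domain
    other         primary is on neither domain
    """
    report = {k: [] for k in
              ("ready", "missing_alias", "mismatch", "already_new", "other")}
    for row in csv.DictReader(io.StringIO(export_text)):
        local, domain = split_addr(row["primary"])
        aliases = [split_addr(a) for a in (row["aliases"] or "").split(";")
                   if a.strip()]
        new_locals = [l for l, d in aliases if d == new]
        if domain == new:
            key = "already_new"
        elif domain != old:
            key = "other"
        elif local in new_locals:
            key = "ready"
        else:
            key = "mismatch" if new_locals else "missing_alias"
        report[key].append(row["primary"])
    return report

if __name__ == "__main__":
    for status, users in check_swap_readiness(SAMPLE_EXPORT).items():
        print(f"{status}: {users}")
```

Anything outside `ready` is worth resolving before the sync is turned off in step 6, because those accounts will not line up one-to-one when primaries and aliases are exchanged.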