Commit 81ec4b0

Update custom-domain.md to remove flawed sample and replace with instructions to request a support ticket
We were told by customers that it is possible to bypass the sample in docs that talks about blocking access to the b2clogin domain. This change removes it and replaces it with instructions to open a support ticket if the customer wants it since B2C team has a backend flag to enable per-customer on demand.
1 parent c6a0323 commit 81ec4b0

1 file changed

+3
-7
lines changed

articles/active-directory-b2c/custom-domain.md

Lines changed: 3 additions & 7 deletions
Original file line number | Diff line number | Diff line change
@@ -333,14 +333,10 @@ https://<domain-name>/11111111-1111-1111-1111-111111111111/v2.0/
333333

334334
## (Optional) Block access to the default domain name
335335

336-
After you add the custom domain and configure your application, users will still be able to access the &lt;tenant-name&gt;.b2clogin.com domain. If you want to prevent access, you can configure the policy to check the authorization request "host name" against an allowed list of domains. The host name is the domain name that appears in the URL. The host name is available through `{Context:HostName}` [claim resolvers](claim-resolver-overview.md). Then you can present a custom error message.
337-
338-
1. Get the example of a conditional access policy that checks the host name from [GitHub](https://github.com/azure-ad-b2c/samples/tree/master/policies/check-host-name).
339-
1. In each file, replace the string `yourtenant` with the name of your Azure AD B2C tenant. For example, if the name of your B2C tenant is *contosob2c*, all instances of `yourtenant.onmicrosoft.com` become `contosob2c.onmicrosoft.com`.
340-
1. Upload the policy files in the following order: `B2C_1A_TrustFrameworkExtensions_HostName.xml` and then `B2C_1A_signup_signin_HostName.xml`.
341-
342-
::: zone-end
336+
After you configure custom domains, users will still be able to access the Azure AD B2C default domain name *&lt;tenant-name&gt;.b2clogin.com*. You need to block access to the default domain so that attackers can't use it to access your apps or run distributed denial-of-service (DDoS) attacks. [Submit a support ticket](find-help-open-support-ticket.md) to request for the blocking of access to the default domain.
343337

338+
> [!WARNING]
339+
> Don't request blocking of the default domain until your custom domain works properly.
344340
345341
## (Optional) Azure Front Door advanced configuration
346342
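Review bot: The deletion at old line 342 removes the `::: zone-end` marker along with the sample steps, and none of the three added lines puts it back. If a `::: zone pivot` opens above this hunk, it is now left unclosed, or the new paragraph and warning end up inside a pivot they were not meant for; keep `::: zone-end` unless the matching opener is removed elsewhere in the file. Two smaller points on the added paragraph at new line 336: the heading still says "(Optional)" while the text says "You need to block access to the default domain", so one of the two should change, and "to request for the blocking of access" reads better as "to request that access to the default domain be blocked". The commit message says the host-name check could be bypassed, but the new text does not tell readers who already deployed the `B2C_1A_*_HostName` policies that the check is not a reliable block; a one-line note pointing them to the support-ticket route would close that gap.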
