Add Custom Domain to EUM V6

By default EUM Admin and EUM Portal have the URLs as https://appservicename.azurewebsites.net, where appservicename is the name of the EUM App Service hosted in Azure.

Adding a custom domain would change the URL to a more friendly one, something like https://portal.mydomain.com, where portal.mydomain.com is a custom domain for the EUM Portal.

Adding a custom domain to EUM V6 is a multi-step process:

1. Get the CNAME and TXT Value for the Custom Domain
2. Make DNS Entries with the CNAME and TXT Values obtained
3. Add the Custom Domain to the EUM Admin and/or EUM Portal App Services
4. Generate free Azure SSL or Import your SSL Certificate in .pfx format
5. Bind SSL to the Custom Domain
6. Change configurations in the EUM App Registrations within Azure AD and EUM Config SharePoint site

Get the CNAME and TXT Value for the Custom Domain

1. In the App Service left hand menu click Custom Domains. This will open the Custom Domains tab
2. In the Custom Domains tab click + Add custom domain. This will open a detailed tab
   
3. In the detailed tab
   1. For Domain Provider select "All other domain services" if you are not purchasing the domain from Azure
   2. For TLS/SSL certificate, select "App Service Managed Certificate" to make use if the free SSL Certificate that Azure provides for you. This is recommended as it eliminates the work of uploading a new certificate upon expiry of the current one. If you want to make use of a wildcard SSL certificate instead, select "Add certificate later"
   3. Always select "SNI SSL" for the TLS/SSL Type.
   4. In the field for Domain put in the custom domain without the https://
   5. For Hostname record type select "CNAME"
   6. At this point Azure will display the CNAME and TXT Values. Keep a note of these.
      

Make DNS Entries with the CNAME and TXT Values obtained

1. Add the CNAME and TXT Values obtained in the earlier steps to your DNS

Add the Custom Domain to the EUM Admin and/or EUM Portal App Services

1. In the App Service left hand menu click Custom Domains. This will open the Custom Domains tab
2. In the Custom Domains tab click + Add custom domain. This will open a detailed tab
   
3. In the detailed tab
   1. For Domain Provider select "All other domain services" if you are not purchasing the domain from Azure
   2. For TLS/SSL certificate, select "App Service Managed Certificate" to make use if the free SSL Certificate that Azure provides for you. This is recommended as it eliminates the work of uploading a new certificate upon expiry of the current one. If you want to make use of a wildcard SSL certificate instead, select "Add certificate later"
   3. Always select "SNI SSL" for the TLS/SSL Type.
   4. In the field for Domain put in the custom domain without the https://
   5. For Hostname record type select "CNAME"
   6. At this point Azure will display the CNAME and TXT Values.
   7. Click Validate
      
4. Because the DNS entries are already made, the validation would pass and the Add custom domain button will be enabled
5. Click Add custom domain
   
6. Custom domain would be added
7. If you selected App Service Managed Certificate, then at this point the certificate will be generated and Binding done. The process may take some time. To check the progress you can click the bell icon in the top right of the browser
   

Generate free Azure SSL or Import your SSL Certificate in .pfx format (Optional)

Normally if App Service Managed Certificate is selected as an option while adding the Custom Domain, this step is done automatically by Azure. If not, follow the below steps.

If you want to make use of a wildcard SSL certificate instead of a Azure App Serviced Managed one, and  selected "Add certificate later" while adding the Custom Domain, follow this step. Else this can be ignored.

Azure provides free SSL Certificate for Azure App Services. To make use of that, follow the related FAQ: Add a Free Azure SSL Certificate in EUM installed as App Service

Alternatively, if you already have an SSL in .pfx format, you could import that to the EUM Portal and/or Admin App Service

1. In the App Service, go to the TLS/SSL Settings from the left hand menu. It could also be displayed as "Certificates" instead of TLS/SSL settings
   
2. Go to Bring your own certificates (.pfx) tab and click Add Certificate
   
3. Browse to the certificate and upload it
   

Bind SSL to the Custom Domain (Optional)

If you want to make use of a wildcard SSL certificate instead of a Azure App Serviced Managed one, and  selected "Add certificate later" while adding the Custom Domain, follow this step. Else this can be ignored.

1. Get back to the Custom Domains page and click Add binding for the custom domain
   
2. Select the SSL certificate from the dropdown in the dialog box, and click Add Binding
   
   
   
3. Notice that the custom domain now shows Secured and the App Service URL in the Overview tab changes to the custom domain
   

Change configurations in the EUM App Registrations within Azure AD and EUM Config SharePoint site

In order for the Azure AD login to EUM Admin to work properly, the new custom domain and SSL routing needs to be added to the EUM Admin App Registration.

1. Go to Azure Active Directory in the Azure portal
2. Go to App registrations
3. Search and select the xxx_EUM_Admin App registration just created, where xxx is the App
   Service name EUM was installed to
4. Go to Authentication
5. Select Add URI and add the new App Service URL as the URI
6. Save the App Registration

The Admin and Portal URLs are stored in the Suite Config list in the EUM SharePoint site collection. These should be updated to reflect the new URLs. Once updated, the App Services for both Admin and Portal should be restarted in the Azure portal.

Related Microsoft document:

Map existing custom DNS name - Azure App Service | Microsoft Learn

Add and manage TLS/SSL certificates - Azure App Service | Microsoft Learn