I am a bit confused with the "Add Domain" thing. I know we have to add our public domain name (e.g. contoso.com) into Office 365. But I also saw a lot of doco that refers to adding "Your domain into Office 365" for ADFS... Does that mean we also need to add our internal AD domain FQDN into Office 365?
If the answer is yes, then we are in trouble. Our internal AD FQDN is in a format like "CONTOSO.INT". This is rather unfortunate, as 3rd party CAs like Thawte will no longer issue certificates containing such an internal FQDN, as "INT" is part of the Internet Root Name. So we cannot obtain an SSL certificate from any 3rd party issuer.
If we need to add our internal AD domain into Office 365, how can I verify the ownership? As the DNS records are all internal, how can I let Office 365 verify the TXT record I added?
If we DO NOT need to add the internal AD FQDN (contoso.int) into Office 365, how can we set up ADFS with our AD domain? Does that mean we just need to publish the ADFS proxy as something like fs.contoso.com?