Your approach is clean and concise. I attempted to expand it to support multiple domains and this is where I made no progress.
I have come to discover that “SupportMultipleDomain” cannot be used with Set-MsolDomainAuthentication; it simply returns “Failed to connect to Active Directory Federation Services 2.0 on the local machine. Please try running Set-MsolADFSContext before running this command again.”
The known means to achieve this should be either:
Convert-MsolDomainToFederated -DomainName $domainName -SupportMultipleDomain
Update-MsolFederatedDomain -DomainName $domainName -SupportMultipleDomain
The documentation keeps taking me in a circle. Azure AD’s UI tells me to get Azure Connect installed on-premises (obviously no such thing in this deployment), while the messages here refuse to give me a way to set “SupportMultipleDomain” through what I believe should work.
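The -SupportMultipleDomain switch on the ADFS-bound cmdlets exists so that each federated domain carries its own issuer URI instead of a shared one. As an added example (not code from the original post), here is a read-only MSOnline audit that lists each federated domain's settings and flags shared issuer URIs or missing signing certificates; it assumes Connect-MsolService has already been run with an account that can read domain settings.

```powershell
# Added example, not from the original post: read-only audit of federated domains.
# Requires the MSOnline module and a prior Connect-MsolService.
function Get-FederatedDomainAudit {
    [CmdletBinding()]
    param()

    $federated = Get-MsolDomain | Where-Object { $_.Authentication -eq 'Federated' }
    if (-not $federated) {
        Write-Warning 'No federated domains found in this tenant.'
        return
    }

    $settings = foreach ($d in $federated) {
        $fs = Get-MsolDomainFederationSettings -DomainName $d.Name
        [pscustomobject]@{
            Domain             = $d.Name
            IssuerUri          = $fs.IssuerUri
            PassiveLogOnUri    = $fs.PassiveLogOnUri
            HasSigningCert     = -not [string]::IsNullOrEmpty($fs.SigningCertificate)
            HasNextSigningCert = -not [string]::IsNullOrEmpty($fs.NextSigningCertificate)
        }
    }

    # IssuerUri must be unique across the tenant's federated domains; a shared
    # issuer is exactly the condition -SupportMultipleDomain is meant to avoid.
    $dupes = $settings | Group-Object IssuerUri | Where-Object { $_.Count -gt 1 }
    foreach ($g in $dupes) {
        Write-Warning ("IssuerUri '{0}' is shared by: {1}" -f $g.Name, ($g.Group.Domain -join ', '))
    }

    # A federated domain with no signing certificate cannot validate tokens from the IdP.
    foreach ($s in ($settings | Where-Object { -not $_.HasSigningCert })) {
        Write-Warning ("Domain {0} has no SigningCertificate configured." -f $s.Domain)
    }

    $settings
}

Get-FederatedDomainAudit | Format-Table -AutoSize
```

Run it before and after any Set-MsolDomainAuthentication change so the per-domain issuer URIs can be compared.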