To prevent Microsoft from trying to sign in users that are already logged on to one Azure AD / Office 365 tenant with possibly the wrong Microsoft work or school account, you can configure a domain hint.
Configuring a domain hint is optional. If configured, the plugin will sent the hint along with the request to authenticate the user. This helps Microsoft to decide whether a user already has a valid (login) session for the domain hinted at.
Under normal circumstances you don’t need to configure this hint. However, more and more users have accounts in multiple Office 365 / Azure AD tenants or work on computers where users have previously logged on to different Office 365 / Azure AD tenants. For example, at home a family member may have logged on to the Office 365 / Azure AD tenant of his / her school or university. In these cases, users may see the following error when they try to sign into your website:
AADSTS90072: User account xxx from identity provider xxx does not exist in tenant xxx and cannot access the application xxx in that tenant. The account needs to be added as an external user in the tenant first.
To configure a domain hint, simply add the domain suffix used for your users’ principal (login) name in the designated input box e.g. example.com and click Save settings. You should not include https:// (which is basically a web address / URL and not a domain).