In ARS database, there is a table “dbo.AzureDomains” which contains all the information of the Azure domains and it’s “AuthenticationType”.
When Tenant Type selected is Federated:
For Azure operations “ARS verifies” the domain on which operations performed is a Federated domain or not. For the Domain It verifies “AuthenticationType” is having a value “Federated” or not.
If the Domain’s “AuthenticationType” is having a value “Federated”, then the domain is considered as Federated domain. Performs the Azure operation. Else it will not perform Azure operations.
Further when azure tenant type selected is "Federated" then on-premise domain and UPN suffix selected during Azure object creation should be same.
If the Tenant Type is toggled to “Synchronization Identity Domain” type For Azure operations “ARS does not verifies” the domain for “AuthenticationType” having value “Federated” or not.
More details can be found in the KB 234587 to understand when to select “Azure Tenant Type” as “Federated” or “Synchronization Identity Domain”