Limits with my on prem AD DS domain wit "_" 😑

Hello every body, 

Here is my situation. 

I have a domain name : "domain_contoso.com" that all my servers were joined to it, and i don't have a synchronisation with MS Entra ID. 

My project now, is to migrate my servers to azure and i'm confused. In fact, i want to extend my active directory with this domain on a vm azure and configure trust and replication but the problem that i can't create a verified domain with the "_" and MS Entra Id doesn't accept that also. 

So, my questions are : 

- If i purchase a new verified domain "domaincontoso.com" where is without the "_" and i added it to MS Entra ID, then, i synchronise all my users from "domain_contoso.com" to MS Entra ID and i extend the same active directory on prem to a vm on azure with a config for the replication. 

That's work ? There's no risks ? 

- if i purchase a new verified domain "contoso.com" and create a new active directory on a vm azure witb this domain then , i configure the synchronisation to MS Entra ID. 

Also, i configure the trust with the on prem "domain_contoso.com" to ensure that all users on prem AD can access to the server with the new domain in Azure after migration.

What is the best solution ? And what are the + and - ? 

Thank you very much