I can actually answer myself on this, it works indeed.
The way we use this might be interesting for some of you, as in fact it allows you to easily plan and execute a DNS change that is independent from the actual setup.
With my application that uses frontdoor I deploy a separat DNS zone which is independent of the actual customer DNS. Then I tell the customer to create two CNAME records www.xyz.com
which point to www.mydnsrecord.com
. the mydnsrecord.com is the DNS zone I deploy with frontdoor, and create the TXT record for the certificate validation and the CNAME entry for the CDN endpoint. Works fine.