DNS records for Office 365 GCC High
This article applies to Office 365 GCC High and Microsoft 365 GCC High
As part of onboarding to Office 365 GCC High, you will need to add your SMTP and SIP domains to your Online Services tenant. You can do this either with the New-MsolDomain cmdlet in Azure AD PowerShell or through the Azure Government Portal, which starts the process of adding the domain and proving ownership.
Note
Azure AD PowerShell is planned for deprecation on March 30, 2024. To learn more, read the deprecation update.
We recommend migrating to Microsoft Graph PowerShell to interact with Microsoft Entra ID (formerly Azure AD). Microsoft Graph PowerShell allows access to all Microsoft Graph APIs and is available on PowerShell 7. For answers to common migration queries, see the Migration FAQ.
Once your domains are added to your tenant and validated, use the following guidance to add the appropriate DNS records for the services below. You may need to modify the table below to fit your organization’s needs with respect to the inbound MX record(s) and any existing Exchange Autodiscover record(s) you have in place. We strongly recommend coordinating these DNS records with your messaging team to avoid any outages or mis-delivery of email.
Exchange Online
Type | Priority | Host name | Points to address or value | TTL |
---|---|---|---|---|
MX | 0 | @ | tenant.mail.protection.office365.us (see below for more details) | One Hour |
TXT | - | @ | v=spf1 include:spf.protection.office365.us -all | One Hour |
CNAME | - | autodiscover | autodiscover.office365.us | One Hour |
Exchange Autodiscover record
If you have Exchange Server on-premises, we recommend leaving your existing record in place while you migrate to Exchange Online, and updating that record once you have completed your migration.
Exchange Online MX Record
The MX record value for your accepted domains follows a standard format as noted above: tenant.mail.protection.office365.us, replacing tenant with the first part of your default tenant name.
For example, if your tenant name is contoso.onmicrosoft.us, you’d use contoso.mail.protection.office365.us as the value for your MX record.
Skype for Business Online
CNAME records
Type | Host name | Points to address or value | TTL |
---|---|---|---|
CNAME | sip | sipdir.online.gov.skypeforbusiness.us | One Hour |
CNAME | lyncdiscover | webdir.online.gov.skypeforbusiness.us | One Hour |
SRV records
Type | Service | Protocol | Port | Weight | Priority | Name | Target | TTL |
---|---|---|---|---|---|---|---|---|
SRV | _sip | _tls | 443 | 1 | 100 | @ | sipdir.online.gov.skypeforbusiness.us | One Hour |
SRV | _sipfederationtls | _tcp | 5061 | 1 | 100 | @ | sipfed.online.gov.skypeforbusiness.us | One Hour |
Other DNS records
Important
If you have an existing msoid CNAME record in your DNS zone, you must remove the record from DNS at this time. The msoid record is incompatible with Microsoft 365 Enterprise Apps (formerly Office 365 ProPlus) and will prevent activation from succeeding.
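The tables above and the msoid rule can be checked mechanically against a zone export before cutover. The following is an added example, not Microsoft's tooling: the function names, the `(type, host, value)` tuple format and the sample zone are assumptions made for illustration, and the sample data is constructed.

```python
# Added example: audit (type, host, value) records against the GCC High tables above.
SUFFIX, SFB = ".onmicrosoft.us", "online.gov.skypeforbusiness.us"

def norm(value):  # collapse whitespace, drop quotes and trailing root dot, lower-case
    return " ".join(value.strip().strip('"').split()).rstrip(".").lower()

def mx_target(default_tenant_name):  # contoso.onmicrosoft.us -> contoso.mail.protection...
    name = norm(default_tenant_name)
    tenant = name[: -len(SUFFIX)]
    if not name.endswith(SUFFIX) or not tenant or "." in tenant:
        raise ValueError(f"not a default tenant name: {default_tenant_name!r}")
    return f"{tenant}.mail.protection.office365.us"

def expected_records(default_tenant_name):
    return {  # SRV values use zone-file order: priority weight port target
        ("MX", "@"): f"0 {mx_target(default_tenant_name)}",
        ("TXT", "@"): "v=spf1 include:spf.protection.office365.us -all",
        ("CNAME", "autodiscover"): "autodiscover.office365.us",
        ("CNAME", "sip"): f"sipdir.{SFB}",
        ("CNAME", "lyncdiscover"): f"webdir.{SFB}",
        ("SRV", "_sip._tls"): f"100 1 443 sipdir.{SFB}",
        ("SRV", "_sipfederationtls._tcp"): f"100 1 5061 sipfed.{SFB}",
    }

def audit(zone, default_tenant_name):  # sorted (status, type, host, detail) findings
    seen, findings = {}, []
    for rtype, host, value in zone:
        seen.setdefault((rtype.upper(), norm(host)), set()).add(norm(value))
    for (rtype, host), want in expected_records(default_tenant_name).items():
        have = seen.get((rtype, host), set())
        if rtype == "TXT":  # the apex may hold unrelated TXT records; compare SPF only
            have = {v for v in have if v.startswith("v=spf1")}
        if have != {want}:
            status = "mismatch" if have else "missing"
            findings.append((status, rtype, host, "; ".join(sorted(have)) or want))
    if ("CNAME", "msoid") in seen:  # the page requires this record to be removed
        findings.append(("remove", "CNAME", "msoid", "delete this record"))
    return sorted(findings)

SAMPLE_ZONE = [  # constructed sample zone, not real data
    ("MX", "@", "0 contoso.mail.protection.office365.us."),
    ("TXT", "@", '"v=spf1 include:spf.protection.office365.us ~all"'),
    ("TXT", "@", '"unrelated-verification-token"'),
    ("CNAME", "autodiscover", "mail.contoso.example."),
    ("CNAME", "sip", "sipdir.online.gov.skypeforbusiness.us."),
    ("CNAME", "lyncdiscover", "webdir.online.gov.skypeforbusiness.us."),
    ("CNAME", "msoid", "placeholder.example."),
]
```

Calling `audit(SAMPLE_ZONE, "contoso.onmicrosoft.us")` returns the findings to review. A mismatch on MX or autodiscover can be intentional while an on-premises Exchange Server is still in place, so treat those as items to confirm with the messaging team.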