IP addressing and name resolution for Office 365 with single sign-on and Azure Virtual Machines


Applies to: Office 365

Summary: Describes how to configure DNS and DHCP to support directory integration components on Azure Virtual Machines for Office 365 with single sign-on.

We're listening to your feedback and consolidating all our Office 365 deployment content. On July 1st, 2015, all information in this guide will be moved to https://support.office.com/, and these pages will be removed from TechNet. As you review the content still on TechNet, you'll notice many have links pointing to the new content already on https://support.office.com/.

To explore content available on https://support.office.com/, start with the Office 365 for business - Admin Help page.

Static IP addresses are not supported in Azure Virtual Machines. Instead, you have to use Dynamic Host Configuration Protocol (DHCP) addressing. When you do this, the IP addresses of virtual machines that are attached to an Azure Virtual Network persist for the lifetime of the virtual machine. This means that the Windows Server Active Directory requirements for IP addressing are met, as are those for DNS as long as DNS is co-located with the domain controller (recommended). In addition, Azure Virtual Network provides some control over IP addressing and DNS.

IP addressing

You need to configure the Virtual Machines to use Dynamic Host Configuration Protocol (DHCP)-leased addresses. Azure ensures that leases never expire or move between virtual machines. This non-static configuration is the opposite of what most Active Directory administrators are used to doing, but it’s a requirement for the virtual machines to work seamlessly with the VPN and on-premises servers.

To ensure that the domain controllers do not change their DHCP-assigned IP addresses even when stopped and restarted, you can assign them a static internal IP address, also known as a DIP. For more information, see Configure a Static Internal IP Address (DIP) for a VM. A static DIP for a virtual machine is equivalent to a DHCP reservation.

Important

Do not statically define a previously leased address inside the guest operating system. This will appear to work for the remaining period of the lease, but when the lease expires, the virtual machine will lose all communication with the network. Additionally, the static IP address configuration will be automatically removed when the virtual machine is stopped and restarted.

Name resolution

You will need to deploy Windows Server DNS on the domain controllers. The Azure DNS servers provided by default for Virtual Machines don’t meet the complex name resolution needs of Windows Server AD DS, nor do they support dynamically registered service records (SRV records) and similar Active Directory requirements. As with on-premises deployments of Windows Server, Active Directory DNS remains a critical configuration item for domain controllers and domain-joined clients.

For fault tolerance and performance reasons, we recommend that you install the Windows Server DNS service on the DCs running on Azure.
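As an added example (not from the original article), the following PowerShell ties the two sections together: the first part reserves a DIP for a domain controller VM using the classic Azure Service Management cmdlets referenced by the linked DIP article, and the second part, run inside the guest after the restart, checks that the NIC is still DHCP-leased, that the DNS client points at Windows Server DNS rather than the Azure default resolver, and that the AD DS SRV records resolve. The cloud service name, VM name, virtual network name, the 10.0.0.4 address and contoso.com are placeholders.

```powershell
# Added example: reserve a DIP for a DC VM, then verify the guest configuration.
# Placeholders: 'DC-Service', 'DC01', 'CorpVNet', 10.0.0.4 and contoso.com.

# --- Part 1: run from a management workstation with the classic (ASM) Azure module ---
$serviceName = 'DC-Service'
$vmName      = 'DC01'
$vnetName    = 'CorpVNet'
$dip         = '10.0.0.4'

# Confirm the address is free in the virtual network before reserving it.
$probe = Test-AzureStaticVNetIP -VNetName $vnetName -IPAddress $dip
if (-not $probe.IsAvailable) {
    throw "$dip is in use; available alternatives: $($probe.AvailableAddresses -join ', ')"
}

# Reserve the DIP (the equivalent of a DHCP reservation); the guest NIC stays on DHCP.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Set-AzureStaticVNetIP -IPAddress $dip |
    Update-AzureVM

# --- Part 2: run inside the DC guest after it comes back up ---
$domain = 'contoso.com'

# The NIC must still be DHCP-enabled; a statically set guest address is exactly
# what the Important note above warns against.
$nic = Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.Dhcp -eq 'Enabled' -and $_.ConnectionState -eq 'Connected' }
if (-not $nic) {
    Write-Warning 'No DHCP-enabled IPv4 interface found; the VM may be using a static guest address.'
}

# The DNS client must point at Windows Server DNS on the DCs, not the Azure default resolver.
$dnsServers = (Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses }).ServerAddresses
Write-Output "DNS servers in use: $($dnsServers -join ', ')"

# AD DS depends on SRV records that the Azure-provided DNS does not serve; verify they resolve.
foreach ($srv in "_ldap._tcp.dc._msdcs.$domain", "_kerberos._tcp.dc._msdcs.$domain") {
    try {
        $answer = Resolve-DnsName -Name $srv -Type SRV -ErrorAction Stop
        Write-Output "$srv -> $($answer.NameTarget -join ', ')"
    } catch {
        Write-Warning "$srv did not resolve: $($_.Exception.Message)"
    }
}
```

Run Part 2 on each domain controller and on a sample domain-joined client; a warning from either check indicates the configuration described in this article has not been applied.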