Plan the DNS record requirements for a custom domain
After the Microsoft 365 setup wizard has verified the organization owns the custom domain, the administrator should add other DNS records to the custom DNS zone. These records should enable the organization’s clients to locate Microsoft 365 services. Each DNS zone can contain several different DNS record types that provide differing name resolution services.
- If the organization hosts its own external DNS server, then a DNS administrator should add the necessary DNS records to provide client connectivity to Office 365 services.
- If a DNS provider hosts the organization’s DNS zone, then administrators should add the necessary DNS records through the appropriate management console that the DNS provider has created. Some DNS providers, such as GoDaddy, provide automated DNS record configuration for Microsoft 365. This design saves organizations from having to manually create their DNS records for Microsoft 365. Organizations may also select the option to have Microsoft 365 configure and host the DNS records.
Microsoft 365 uses the following subset of DNS records, each of which is examined in the following sections:
- DNS records for Exchange Online
- DNS records for Skype for Business Online
- DNS records for Mobile Device Management for Microsoft 365
DNS records for Exchange Online
DNS records for Exchange Online include:
- MX. This record is a requirement for SMTP communication between Exchange Online in Microsoft 365 and mail servers on the Internet.
- CNAME. Outlook clients use this record to locate the Autodiscover service in Microsoft 365.
- TXT. This record is a requirement for Sender Policy Framework (SPF) anti-spam protection and for organizations that use federation.
The following table identifies the requirements for the MX and CNAME records for Exchange Online.
| Type | Priority | Host name | Points to address | TTL |
| --- | --- | --- | --- | --- |
| MX | 0 | @ | Adatum-com.mail.protection.outlook.com | One Hour |
| CNAME | - | autodiscover | autodiscover.outlook.com | One Hour |
The following table identifies the requirements for the TXT records for Exchange Online.
| Type | TXT name | TXT Value | TTL |
| --- | --- | --- | --- |
| TXT | @ | v=spf1 include:spf.protection.outlook.com -all | One Hour |
| TXT | @ | Custom-generated, domain-proof hash text | One Hour |
DNS records for Skype for Business Online
DNS records for Skype for Business Online include:
- SRV. This record is used for SIP federation where a Microsoft 365 domain shares instant messaging (IM) features with external clients. An SRV record is also used to coordinate the flow of communication between Skype for Business clients.
- CNAME. CNAME records are used by Skype for Business desktop clients and mobile clients to find the Skype for Business Online service in Microsoft 365 and sign in.
The following table identifies the requirements for the SRV records for Skype for Business Online.
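| Type | Service | Protocol | Port | Weight | Priority | TTL | Name | Target |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| SRV | _sip | _tls | 443 | 1 | 100 | One Hour | @ | sipdir.online.lync.com |
| SRV | _sipfederationtls | _tcp | 5061 | 1 | 100 | One Hour | @ | sipfed.online.lync.com |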
The following table identifies the requirements for the CNAME records for Skype for Business Online.
| Type | Host name | Points to address | TTL |
| --- | --- | --- | --- |
| CNAME | sip | sipdir.online.lync.com | One Hour |
| CNAME | lyncdiscover | webdir.online.lync.com | One Hour |
The DNS record for Office 365 Single Sign-On is an Address (A) record. The record is used where organizations need single sign-on (SSO) with Active Directory Federation Services (AD FS). The record provides the endpoint for on-premises and external users to connect to organizational Web Application Proxy servers or load-balanced virtual IP addresses.
The following table identifies the requirements for the Address (A) record for Microsoft 365 Single Sign-On.
| Type | Host name | Points to address | TTL |
| --- | --- | --- | --- |
| Host (A) | sip | sipdir.online.lync.com | One Hour |
DNS records for Mobile Device Management for Microsoft 365
The DNS records for Mobile Device Management for Microsoft 365 include:
- CNAME for manage.microsoft.com. When Microsoft 365 users sign in on their mobile devices with an email address, this setting is used to redirect them to enroll in MDM for Microsoft 365.
- CNAME for enterpriseregistration.windows.net. This setting is used for workplace join for mobile devices.
The following table identifies the requirements for the CNAME records for Mobile Device Management for Microsoft 365.
| Type | Host name | Points to address | TTL |
| --- | --- | --- | --- |
| CNAME | enterpriseregistration | enterpriseregistration.windows.net | One Hour |
| CNAME | enterpriseenrollment | enterpriseenrollment.manage.microsoft.com | One Hour |
The DNS record for Microsoft Online Services Sign-In Assistant is a CNAME record. This record is used during the authentication process by client applications, such as Outlook, Skype for Business Online, Windows PowerShell, and the Microsoft Azure Active Directory Sync tool. Microsoft 365 uses this record to connect clients to the appropriate authentication endpoint, depending on the client location.
The following table identifies the requirements for the CNAME record for Microsoft Online Services Sign-In Assistant.
| Type | Host name | Points to address | TTL |
| --- | --- | --- | --- |
| CNAME | msoid | clientconfig.microsoftonline-p.net | One Hour |
The following diagram shows how an organization only needs to configure pointers to Microsoft 365 to use their custom domain names in Microsoft 365.
Additional reading. For more information, see External Domain Name System records for Microsoft 365.
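The record requirements in this unit can be checked mechanically once the zone is exported. The following is an added example, not Microsoft's tooling: it audits a list of `(type, host, value)` records against the MX, CNAME and SRV rows from the tables above and applies three SPF checks (exactly one `v=spf1` record, the Microsoft include, and the `-all` hard fail). The function names, the record tuple layout and the sample zone are assumptions made for the example.

```python
# Expected records from the tables on this page; SRV values use zone-file
# order "priority weight port target", MX values "priority target".
EXPECTED = [
    ("MX", "@", "0 adatum-com.mail.protection.outlook.com"),
    ("CNAME", "autodiscover", "autodiscover.outlook.com"),
    ("SRV", "_sip._tls", "100 1 443 sipdir.online.lync.com"),
    ("SRV", "_sipfederationtls._tcp", "100 1 5061 sipfed.online.lync.com"),
    ("CNAME", "sip", "sipdir.online.lync.com"),
    ("CNAME", "lyncdiscover", "webdir.online.lync.com"),
    ("CNAME", "enterpriseregistration", "enterpriseregistration.windows.net"),
    ("CNAME", "enterpriseenrollment", "enterpriseenrollment.manage.microsoft.com"),
    ("CNAME", "msoid", "clientconfig.microsoftonline-p.net"),
]
SPF_INCLUDE = "include:spf.protection.outlook.com"


def norm(value):
    """Lower-case each token and drop the trailing root dot."""
    return " ".join(tok.rstrip(".").lower() for tok in value.split())


def audit_zone(records):
    """records: iterable of (type, host, value); returns a list of findings."""
    seen, findings = {}, []
    for rtype, host, value in records:
        seen.setdefault((rtype.upper(), host.lower()), []).append(norm(value))
    for rtype, host, want in EXPECTED:
        got = seen.get((rtype, host), [])
        if not got:
            findings.append(f"missing {rtype} {host}")
        elif want not in got:
            findings.append(f"mismatch {rtype} {host}: {got[0]}")
    # SPF: exactly one v=spf1 record, the Microsoft include, and a hard fail.
    spf = [v for v in seen.get(("TXT", "@"), []) if v.split()[:1] == ["v=spf1"]]
    if not spf:
        findings.append("missing SPF TXT @")
    elif len(spf) > 1:
        findings.append("multiple SPF TXT records at @")  # RFC 7208: permerror
    else:
        terms = spf[0].split()
        if SPF_INCLUDE not in terms:
            findings.append(f"SPF lacks {SPF_INCLUDE}")
        if terms[-1] != "-all":
            findings.append(f"SPF ends in {terms[-1]}, not -all")
    return findings


# Constructed sample zone: msoid is absent and SPF soft-fails (~all).
SAMPLE_ZONE = [(t, h, v + ".") for t, h, v in EXPECTED if h != "msoid"]
SAMPLE_ZONE.append(("TXT", "@", "v=spf1 include:spf.protection.outlook.com ~all"))
```

The domain-proof TXT record is ignored by the SPF check because it does not start with `v=spf1`, so it can share the `@` name without triggering the multiple-record finding.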