Manage your Microsoft365 domains with Azure DNS Zone

In this post, we’ll take a look at adding a domain to Microsoft365 and configuring your DNS records with an Azure DNS Zone.

Create a Microsoft365 tenancy

The first step to getting a domain set up in Microsoft365 is to set up a tenancy.

A tenancy is a placeholder to contain your domains, user accounts, mailboxes, etc.

If you’re in Australia and want us to help you get all this set up, then you can contact us at Expeed.

For anyone else, you can go through Microsoft’s public site to purchase licenses. The Business grade licenses are over at https://www.microsoft.com/en-au/microsoft-365/business/compare-all-microsoft-365-business-products

Add domain to Microsoft365 tenancy

When you get your tenancy set up, you can add your own domain by following these steps:

Log in to the Microsoft365 portal at https://portal.office.com.

Click on the Admin icon on the left menu, which will take you to the Microsoft 365 admin center.

Click on “…Show all” in the left menu to expand out all menu options.

Expand the Settings menu, then click Domains to load the domain page. You will see that there is already an *.onmicrosoft.com domain present. This is the default domain configured for your tenancy.


Click on Add domain at the top to add a new domain. In our example, we’ll use demodomain.com.au.

Enter your domain name and click the “Use this domain” button.

The next step is to verify that you own the domain, which we’ll work through in the next section.

Validate your domain in Microsoft365

Click the Add domain button and enter the name of your domain, then click Use this domain. For this example, we’ll use demodomain.com.au

You’ll then be prompted with 3 options to validate the domain, to prove to Microsoft that you own and have management capabilities over that domain. In this example, we’ll be looking at the first option, which is “Add a TXT record to the domain’s DNS records”. Select this option and click Continue.

You will then be presented with the DNS information for the required TXT record. From here we need to head over to Azure DNS to add the DNS records in.

Validate your domain in your Azure DNS Zone

If you’ve created a DNS zone for your domain in Azure, then you will see something like below.

If you’re not sure how to add a DNS zone to Azure, you can have a read of my Host your domain with Azure Public DNS zones article.

This is the effectively blank DNS zone you can begin adding records to.

From here you can click on “+ Record set” to add a record to your DNS.

As this is a top-level record for the domain, which is shown by the TXT Name of “@ (or skip if not supported by provider)”, you leave the Name option blank. Change the Type option to TXT, add the TXT Value provided in Microsoft365 into the Value field, and click Ok.

Now that we’ve added our validation TXT record, we can switch back to Microsoft365 to verify the domain. Adding this record proves to Microsoft365 that we have administrative access to the domain.

Once the domain is verified, we have the option of how we want to connect our domain. If Microsoft365 detects that our domain is managed by a DNS system that they can integrate with, like Cloudflare, it will give you the option to log in to your Cloudflare account to automatically set up the records.

Now doing things automatically isn’t very fun, and we don’t learn anything right!! So we’ll do it manually. Interestingly they don’t seem to have an integration with their own Azure DNS for now, which I would have thought would have been the first one to be integrated. Anyway, let’s move on by selecting “Add your own DNS records” and clicking Continue.

Point your email to Microsoft365

Once you have your domain verified, you can start adding users, groups, and doing any other configuration that you need, but email for your domain will not flow through to your Microsoft365 tenancy just yet. For that to happen, you need to change the following DNS records that Microsoft365 provides to you.

There are three primary records that you need to add to make your email work correctly.

An MX record which tells the internet where to send your email.

A CNAME record for autodiscover, which helps email clients like Outlook automatically configure themselves with your mailbox settings.

And your SPF TXT record, which is a security mechanism that tells email servers that are receiving email from your domain which servers you’ve authorised to send email on your behalf. If you’re keen to find out more about SPF, you can have a read of this article Set up SPF to help prevent spoofing. Note that this does say “help”! SPF is not a silver bullet to stop spoofing but it helps.

Adding your MX, CNAME and TXT records to Azure DNS

Back over in the Azure DNS zone editor, click “+ Record set” again to add a new record, then change the record Type to MX. As this is a top-level record, the Name field is left blank. In the Preference field in the top row, add “0” and in the Mail exchange field in the top row, enter the value provided by Microsoft365 in the screenshot above. In our instance it’s “demodomain-com-au.mail.protection.outlook.com”. Then click Ok.

Adding our CNAME record follows much the same process. Click “+ Record set” again to add a new record, then change the record Type to CNAME. The Name property is set to “autodiscover”, and the Alias field is set to “autodiscover.outlook.com”, then click Ok.

The final record is the TXT record. Now we already have a top level TXT record for our domain that we used to add the verification record to, so we need to edit that record and append the SPF record information.

So in your zone editor, click on the existing TXT record that had @ as the Name.

You can then add the SPF record provided by Microsoft365 to the next row down in the TXT record. Now click Save in the top left to save the record.

Now that all our DNS entries are added, we can switch back to Microsoft365 and click Continue to verify the records.

If you’ve entered the records correctly you should see a confirmation message.
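
The checks below are an added example, not part of the original post: a Python audit of the three record sets this walkthrough creates, flagging the easy mistake of ending up with two SPF values at the apex. The zone data is constructed, the MS= value is a placeholder, and the SPF include is Microsoft's documented one rather than a value quoted on this page.

```python
# Added example: audits a constructed record-set listing, not a live zone.
M365_MX_SUFFIX = ".mail.protection.outlook.com"
# Microsoft's documented SPF include for Exchange Online (not quoted on the page).
M365_SPF_INCLUDE = "include:spf.protection.outlook.com"

def audit(zone):
    """Return a list of findings; an empty list means the records look right."""
    findings = []

    mx = zone.get(("@", "MX"), [])
    if not mx:
        findings.append("no MX record at the apex")
    for _pref, host in mx:
        if not host.rstrip(".").lower().endswith(M365_MX_SUFFIX):
            findings.append(f"MX {host} does not point at Microsoft365")

    cname = [c.rstrip(".").lower() for c in zone.get(("autodiscover", "CNAME"), [])]
    if cname != ["autodiscover.outlook.com"]:
        findings.append("autodiscover CNAME missing or wrong")

    # Every value in the apex TXT record set; only those starting v=spf1 are SPF.
    txt = zone.get(("@", "TXT"), [])
    spf = [t for t in txt if t.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        # RFC 7208: none means no policy, more than one is a permanent error.
        findings.append(f"expected exactly one SPF value, found {len(spf)}")
    for record in spf:
        terms = record.lower().split()
        if M365_SPF_INCLUDE not in terms:
            findings.append("SPF does not authorise Microsoft365")
        if terms[-1] not in ("-all", "~all"):
            findings.append(f"SPF ends with {terms[-1]!r}, not -all or ~all")
    return findings

# Constructed sample zones keyed by (name, type). The MS= value is a placeholder.
GOOD = {
    ("@", "MX"): [(0, "demodomain-com-au.mail.protection.outlook.com")],
    ("autodiscover", "CNAME"): ["autodiscover.outlook.com"],
    ("@", "TXT"): ["MS=ms-PLACEHOLDER",
                   "v=spf1 include:spf.protection.outlook.com -all"],
}
# Same zone with a leftover SPF value from a previous mail host still present.
BAD = dict(GOOD)
BAD[("@", "TXT")] = GOOD[("@", "TXT")] + ["v=spf1 a mx ?all"]

if __name__ == "__main__":
    for name, zone in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(zone) or "ok")
```

The verification value and the SPF value sit side by side in the one apex TXT record set, which is why the audit counts SPF values rather than TXT values.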

Summary

You’ve now successfully added your domain to Microsoft365 and set up your DNS records with Azure DNS Zones.

I’m keen to hear if you’re using Azure DNS zones for your domains, so please comment below and let me know what you think of Azure Public DNS Zones.

If you want to read more about Azure DNS, please check out the related posts below.
