Connect your DNS records at Amazon Web Services (AWS) to Microsoft 365

Check the Domains FAQ if you don't find what you're looking for.

If AWS is your DNS hosting provider, follow the steps in this article to verify your domain and set up DNS records for email, Skype Online for Business, and so on.

After you add these records at AWS, your domain will be set up to work with Microsoft services.

Note

Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Find and fix issues after adding your domain or DNS records.

Add a TXT record for verification

Before you use your domain with Microsoft, we have to make sure that you own it. Your ability to log in to your account at your domain registrar and create the DNS record proves to Microsoft that you own the domain.

Note

This record is used only to verify that you own your domain; it doesn't affect anything else. You can delete it later, if you like.

  1. To get started, go to your domains page at AWS by using this link. You'll be prompted to log in first.

  2. On the landing page, under Domains, select Registered domains.

  3. Under Domain Name, select the domain you want to set up in Microsoft 365.

    Note: If you haven't created a hosted zone for your domain, select Create hosted zone and complete the steps before moving to the next step.

    Select the name of the domain you want to verify.

  4. Select Manage DNS.

    Select Manage DNS from the drop-down list.

  5. Under Domain name, select the domain name for the hosted zone version of the domain you want to verify.

    Select the name of the domain you want to verify.

  6. Select Create record.

    Select Create record.

  7. In the boxes for the new record, type or copy and paste the values from the following table.

    (Choose the Type and Routing policy values from the drop-down lists.)

    Tip

    The quotation marks required by the onscreen instructions are supplied automatically. You don't need to type them manually.

    Record name Record type Value TTL (Seconds) Routing policy
    (Leave this field empty.) TXT - Used to verify email senders MS=msXXXXXXXX
    Note: This is an example. Use your specific Destination or Points to Address value here, from the table in Microsoft 365. How do I find this?
    300 Simple
  8. Select Create records.

    Select Create records.

    Wait a few minutes before you continue, so that the record you just created can update across the Internet.

Now that you've added the record at your domain registrar's site, you'll go back to Microsoft and request a search for the record. When Microsoft finds the correct TXT record, your domain is verified.

To verify the record in Microsoft 365:

  1. In the admin center, go to the Settings > Domains.

  2. On the Domains page, select the domain that you're verifying, and select Start setup.

    Select Start setup.

  3. Select Continue.

  4. On the Verify domain page, select Verify.

Note

Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Find and fix issues after adding your domain or DNS records.

Add an MX record so email for your domain will come to Microsoft 365

  1. To get started, go to your domains page at AWS by using this link. You'll be prompted to log in first.

  2. On the landing page, under Domains, select Registered domains.

  3. Under Domain Name, select the domain you want to set up in Microsoft 365.

    Note: If you haven't created a hosted zone for your domain, select Create hosted zone and complete the steps before moving to the next step.

    Select the name of the domain.

  4. Select Manage DNS.

    Select Manage DNS from the drop-down list.

  5. Under Domain name, select the domain name for the hosted zone version of the domain you want to verify.

    Select the name of the domain.

  6. Select Create record.

    Select Create record.

  7. In the boxes for the new record, type or copy and paste the values from the following table.

    (Choose the Type and Routing policy values from the drop-down lists.)

    Tip

    The quotation marks required by the onscreen instructions are supplied automatically. You don't need to type them manually.

    Record name Record type Value TTL (Seconds) Routing policy
    (Leave this field empty.) MX - Specifies mail servers 0 <domain-key>.mail.protection.outlook.com.
    The 0 is the MX priority value. Add it to the beginning of the MX value, separated from the remainder of the value by a space.
    This value MUST end with a period (.)
    Note: Get your <domain-key> from your Microsoft 365 account. How do I find this?
    300 Simple routing
  8. Select Create records.

    Select Create records.

  9. If there are any other MX records, remove them by selecting the record, and then selecting Delete.

Add the CNAME record required for Microsoft 365

  1. To get started, go to your domains page at AWS by using this link. You'll be prompted to log in first.

  2. On the landing page, under Domains, select Registered domains.

  3. Under Domain Name, select the domain you want to set up in Microsoft 365.

    Note: If you haven't created a hosted zone for your domain, select Create hosted zone and complete the steps before moving to the next step.

    Select the name of the domain.

  4. Select Manage DNS.

    Select Manage DNS from the drop-down list.

  5. Under Domain name, select the domain name for the hosted zone version of the domain you want to verify.

    Select the name of the domain.

  6. Select Create record.

    Select Create record.

  7. In the boxes for the new record, type or copy and paste the values from the following table.

    (Choose the Type and Routing policy values from the drop-down lists.)

    Record name Record type Value TTL Routing policy
    autodiscover CNAME - Routes traffic to another domain name autodiscover.outlook.com.
    This value MUST end with a period (.)
    300 Simple
  8. Select Create records.

    Select Create records.

Add a TXT record for SPF to help prevent email spam

Important

You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Microsoft. Instead, add the required Microsoft values to the current record so that you have a single SPF record that includes both sets of values. Need examples? Check out these External Domain Name System records for Microsoft. To validate your SPF record, you can use one of theseSPF validation tools.

  1. To get started, go to your domains page at AWS by using this link. You'll be prompted to log in first.

  2. On the landing page, under Domains, select Registered domains.

  3. Under Domain Name, select the domain you want to set up in Microsoft 365.

    Note: If you haven't created a hosted zone for your domain, select Create hosted zone and complete the steps before moving to the next step.

    Select the name of the domain.

  4. Select Manage DNS.

    Select Manage DNS from the drop-down list.

  5. Under Domain name, select the domain name for the hosted zone version of the domain you want to verify.

    Select the name of the domain.

  6. Select Create record.

    Select Create record.

  7. In the boxes for the new record, type or copy and paste the values from the following table.

    (Choose the Type value from the drop-down lists.)

    Record type Value
    TXT- Used to verify email senders and for application-specific values v=spf1 include:spf.protection.outlook.com -all
    (The quotation marks required by the onscreen instructions are supplied automatically. You don't need to type them manually.)
    Note: We recommend copying and pasting this entry, so that all of the spacing stays correct.
  8. Select Create records.

    Select Create records.

Advanced option: Skype for Business

Only select this option if your organization uses Skype for Business for online communication services like chat, conference calls, and video calls, in addition to Microsoft Teams. Skype needs 4 records: 2 SRV records for user-to-user communication, and 2 CNAME records to sign-in and connect users to the service.

Add the two required SRV records

  1. To get started, go to your domains page at AWS by using this link. You'll be prompted to log in first.

  2. On the landing page, under Domains, select Registered domains.

  3. Under Domain Name, select the domain you want to set up in Microsoft 365.

    Note: If you haven't created a hosted zone for your domain, select Create hosted zone and complete the steps before moving to the next step.

    Select the name of the domain.

  4. Select Manage DNS.

    Select Manage DNS from the drop-down list.

  5. Under Domain name, select the domain name for the hosted zone version of the domain you want to verify.

    Select the name of the domain.

  6. Select Create record.

    Select Create record.

  7. In the boxes for the new record, type or copy and paste the values from the following table.

    (Choose the Type and Routing Policy values from the drop-down lists.)

    Record name Record type Value TTL (Seconds) Routing policy
    _sip._tls SRV - Application-specific values that id servers 100 1 443 sipdir.online.lync.com. This value MUST end with a period (.)>
    Note: We recommend copying and pasting this entry, so that all of the spacing stays correct.
    300 Simple
    _sipfederationtls._tcp SRV - Application-specific values that id servers 100 1 5061 sipfed.online.lync.com. This value MUST end with a period (.)
    Note: We recommend copying and pasting this entry, so that all of the spacing stays correct.
    300 Simple
  8. To add the other SRV record, select Add another record, create a record using the values from the next row in the table, and then again select Create records.

    Select Create records.

Note

Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Find and fix issues after adding your domain or DNS records.

Add the two required CNAME records for Skype for Business

  1. To get started, go to your domains page at AWS by using this link. You'll be prompted to log in first.

  2. On the landing page, under Domains, select Registered domains.

  3. Under Domain Name, select the domain you want to set up in Microsoft 365.

    Note: If you haven't created a hosted zone for your domain, select Create hosted zone and complete the steps before moving to the next step.

    Select the name of the domain.

  4. Select Manage DNS.

    Select Manage DNS from the drop-down list.

  5. Under Domain name, select the domain name for the hosted zone version of the domain you want to verify.

    Select the name of the domain.

  6. Select Create record.

    Select Create record.

  7. In the boxes for the new record, type or copy and paste the values from the following table.

    (Choose the Type and Routing policy values from the drop-down lists.)

    Record name Record type Value TTL Routing policy
    sip CNAME - Canonical name sipdir.online.lync.com.
    This value MUST end with a period (.)
    300 Simple
    lyncdiscover CNAME - Canonical name webdir.online.lync.com.
    This value MUST end with a period (.)
    300 Simple
  8. To add the other CNAME record, select Add another record, create a record using the values from the next row in the table.

  9. Select Create records.

    Select Create records.

Note

Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.

Advanced option: Intune and Mobile Device Management for Microsoft 365

This service helps you secure and remotely manage mobile devices that connect to your domain. Mobile Device Management needs two CNAME records so that users can enroll devices to the service.

Add the two required CNAME records for Mobile Device Management

  1. To get started, go to your domains page at AWS by using this link. You'll be prompted to log in first.

  2. On the landing page, under Domains, select Registered domains.

  3. Under Domain Name, select the domain you want to set up in Microsoft 365.

    Note: If you haven't created a hosted zone for your domain, select Create hosted zone and complete the steps before moving to the next step.

    Select the name of the domain.

  4. Select Manage DNS.

    Select Manage DNS from the drop-down list.

  5. Under Domain name, select the domain name for the hosted zone version of the domain you want to verify.

    Select the name of the domain.

  6. Select Create record.

    Select Create record.

  7. In the boxes for the new record, type or copy and paste the values from the following table.

    (Choose the Type and Routing policy values from the drop-down lists.)

    Record name Record type Value TTL Routing policy
    enterpriseregistration CNAME - Canonical name enterpriseregistration.windows.net.
    This value MUST end with a period (.)
    300 Simple
    enterpriseenrollment CNAME - Canonical name enterpriseenrollment-s.manage.microsoft.com.
    This value MUST end with a period (.)
    300 Simple
  8. To add the other CNAME record, select Add another record, create a record using the values from the next row in the table.

  9. Select Create records.

    Select Create records.

Note

Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.