Create DNS records at Cloudflare for Office 365

Check the Domains FAQ if you don't find what you're looking for.

If Cloudflare is your DNS hosting provider, follow the steps in this article to verify your domain and set up DNS records for email, Skype for Business Online, and so on.

After you add these records at Cloudflare, your domain will be set up to work with Office 365 services.

To learn about webhosting and DNS for websites with Office 365, see Use a public website with Office 365.

Note

Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.

Change your domain's nameserver (NS) records

Important

You must perform this procedure at the domain registrar where you purchased and registered your domain.

When you signed up for Cloudflare, you added a domain by using the Cloudflare Setup process.

The domain that you added was purchased from a separate domain registrar; Cloudflare does not offer domain registration services. To verify and create DNS records for your domain in Office 365, you first need to change the nameservers at your domain registrar so that they use Cloudflare's nameservers.

To change your domain's name servers at your domain registrar's website yourself, follow these steps.

  1. Find the area on the domain registrar's website where you can edit the nameservers for your domain.

  2. Either create two nameserver records by using the values in the following table, or edit the existing nameserver records so that they match these values.

    First nameserver
    Use the nameserver value provided by Cloudflare.
    Second nameserver
    Use the nameserver value provided by Cloudflare.

    Tip

    You should use at least two name server records. If there are any other name servers listed, you should delete them.

  3. Save your changes.

Note

Your nameserver record updates may take up to several hours to update across the Internet's DNS system. Then your Office 365 email and other services will be all set to work with your domain.

Add a TXT record for verification

Before you use your domain with Office 365, we have to make sure that you own it. Your ability to log in to your account at your domain registrar and create the DNS record proves to Office 365 that you own the domain.

Note

This record is used only to verify that you own your domain; it doesn't affect anything else. You can delete it later, if you like.

  1. To get started, go to your domains page at Cloudflare by using this link. You'll be prompted to log in first.

  2. On the Home page, select the domain that you want to update.

  3. On the Overview page for your domain, select DNS.

  4. On the DNS management page, click Add record, and then select the values from the following table.

    Type Name Automatic TTL Content
    TXT
    @
    30 minutes
    MS=ms XXXXXXXX
    Note: This is an example. Use your specific Destination or Points to Address value here, from the table in Office 365. How do I find this?
  5. Select Save.

  6. Wait a few minutes before you continue, so that the record you just created can update across the Internet.

Now that you've added the record at your domain registrar's site, you'll go back to Office 365 and request Office 365 to look for the record.

When Office 365 finds the correct TXT record, your domain is verified.

  1. In the admin center, go to the Settings > Domains page.

  2. On the Domains page, select the domain that you are verifying.

  3. On the Setup page, select Start setup.

  4. On the Verify domain page, select Verify.

Note

Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.

Add an MX record so email for your domain will come to Office 365

  1. To get started, go to your domains page at Cloudflare by using this link. You'll be prompted to log in first.

  2. On the Home page, select the domain that you want to update.

  3. On the Overview page for your domain, select DNS.

  4. On the DNS management page, click Add record, and then select the values from the following table.

    Type Name Mail server Priority TTL
    MX
    @
    <domain-key> .mail.protection.outlook.com
    Note: Get your <domain-key> from your Office 365 account. How do I find this?
    1
    For more information about priority, see What is MX priority?
    30 minutes
  5. Select Save.

  6. If there are any other MX records listed in the MX Records section, delete them by selecting the Delete (X) icon.

  7. In the confirmation dialog box, select Delete to confirm your changes.

Add the six CNAME records that are required for Office 365

  1. To get started, go to your domains page at Cloudflare by using this link. You'll be prompted to log in first.

  2. On the Home page, select the domain that you want to update.

  3. On the Overview page for your domain, select DNS.

  4. Add the first of the six CNAME records.

    On the DNS management page, click Add record, and then select the values from the following table.

    Type Name Target TTL
    CNAME
    autodiscover
    autodiscover.outlook.com
    30 minutes
    CNAME
    sip
    sipdir.online.lync.com
    30 minutes
    CNAME
    lyncdiscover
    webdir.online.lync.com
    30 minutes
    CNAME
    enterpriseregistration
    enterpriseregistration.windows.net
    30 minutes
    CNAME
    enterpriseenrollment
    enterpriseenrollment-s.manage.microsoft.com
    30 minutes
  5. Select the DNS Traffic icon (orange cloud) to bypass the Cloudflare servers.

  6. Select Save.

  7. Add each of the other five CNAME records.

Add a TXT record for SPF to help prevent email spam

Important

You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Office 365. Instead, add the required Office 365 values to the current record so that you have a single SPF record that includes both sets of values.

  1. To get started, go to your domains page at Cloudflare by using this link. You'll be prompted to log in first.

  2. On the Home page, select the domain that you want to update.

  3. On the Overview page for your domain, select DNS.

  4. On the DNS management page, click Add record, and then select the values from the following table.

    Type Name TTL Content
    TXT
    @
    30 minutes
    v=spf1 include:spf.protection.outlook.com -all
    Note: We recommend copying and pasting this entry, so that all of the spacing stays correct.
  5. Select Save.

Add the two SRV records that are required for Office 365

Important

Please keep in mind that Cloudflare is responsible for making this functionality available. In case you see discrepancies between the steps below and the current Cloudflare GUI(Graphical User Interface), please leverage the Cloudflare Community.

  1. To get started, go to your domains page at Cloudflare by using this link. You'll be prompted to log in first.

  2. On the Home page, select the domain that you want to update.

  3. On the Overview page for your domain, select DNS.

  4. Add the first of the two SRV records.

    On the DNS management page, click Add record, and then select the values from the first row of the following table.

    Type Service Protocol Name TTL Priority Weight Port Target
    SRV _sip TLS Use your domain_name; for example, contoso.com 30 minutes 100 1 443 sipfed.online.lync.com
    SRV _sipfederationtls TCP Use your domain_name; for example, contoso.com 30 minutes 100 1 5061 sipfed.online.lync.com
  5. Select Save.

  6. Add the other SRV record by choosing the values from the second row of the table.

Note

Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.