Create DNS records for Azure DNS zones

Check the Domains FAQ if you don't find what you're looking for.

If Azure is your DNS hosting provider, follow the steps in this article to verify your domain and set up DNS records for email, Skype for Business Online, and so on.

These are the main records to add.

After you add these records at Azure, your domain will be set up to work with Office 365 services.

Note

Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.

Change your domain's nameserver (NS) records

Important

You must perform this procedure at the domain registrar where you purchased and registered your domain.

When you signed up for Azure, you created a resource group within a DNS zone, and then assigned your domain name to that resource group. That domain name is registered to an external domain registrar; Azure does not offer domain registration services.

To verify and create DNS records for your domain in Office 365, you first need to change the nameservers at your domain registrar so that they use the Azure nameservers assigned to your resource group.

To change your domain's name servers at your domain registrar's website yourself, follow these steps.

  1. Find the area on the domain registrar's website where you can edit the nameservers for your domain.

  2. Either create two nameserver records by using the values in the following table, or edit the existing nameserver records so that they match these values. An example of Azure assigned nameservers is shown below.

First nameserver: Use the name server value assigned by Azure.
Second nameserver: Use the name server value assigned by Azure.

Azure-BP-Redelegate-1-1

Tip

You should use at least two name server records. If there are any other name servers listed at your domain registrar's website, you should delete them.

  1. Save your changes.

Note

Your nameserver record updates may take up to several hours to update across the Internet's DNS system. Then your Office 365 email and other services will be all set to work with your domain.

Add a TXT record for verification

Before you use your domain with Office 365, we have to make sure that you own it. Your ability to log in to your account at your domain registrar and create the DNS record proves to Office 365 that you own the domain.

Note

This record is used only to verify that you own your domain; it doesn't affect anything else. You can delete it later, if you like.

  1. To get started, go to your domains page at Azure by using this link. You'll be prompted to log in first.

    Azure-BP-Configure-1-1

  2. On the Dashboard page, in the All resources area, choose the domain that you want to update.

    Azure-BP-Configure-1-2

  3. On the Settings page for your domain, in the DNS zone area, choose + Record set.

    Azure-BP-Configure-1-3

  4. In the Add record set area, in the boxes for the new record set, choose the values from the following table.

    (Select the Type and TTL unit values from the drop-down lists.)

    Name Type TTL TTL unit Value
    @
    TXT
    1
    Hours
    MS=ms XXXXXXXX
    Note: This is an example. Use your specific Destination or Points to Address value here, from the table in Office 365. How do I find this?

    Azure-BP-Verify-1-1

  5. Choose OK.

  6. Wait a few minutes before you continue, so that the record you just created can update across the Internet.

Now that you've added the record at your domain registrar's site, you'll go back to Office 365 and request Office 365 to look for the record.

When Office 365 finds the correct TXT record, your domain is verified.

  1. Choose Setup > Domains.

  2. On the Domains page, choose the domain that you are verifying.

    Domain name selected in Office 365 Admin Center

  3. On the Setup page, choose Start setup.

    Start setup

  4. On the Verify domain page, choose Verify.

    Verify

Note

Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.

Add an MX record so email for your domain will come to Office 365

  1. To get started, go to your domains page at Azure by using this link. You'll be prompted to log in first.

    Azure-BP-Configure-1-1

  2. On the Dashboard page, in the All resources area, choose the domain that you want to update.

    Azure-BP-Configure-1-2

  3. On the Settings page for your domain, in the DNS zone area, choose + Record set.

    Azure-BP-Configure-1-3

  4. In the Add record set area, in the boxes for the new record set, choose the values from the following table.

    (Select the Type and TTL unit values from the drop-down lists.)

    Name Type TTL TTL unit Preference Mail Exchange
    @
    MX
    1
    Hours
    10
    For more information about priority, see What is MX priority?
    <domain-key> .mail.protection.outlook.com
    Note: Get your <domain-key> from your Office 365 portal account. How do I find this?

    Azure-BP-Configure-2-1

  5. Choose OK.

    Azure-BP-Configure-2-2

  6. If there are any other MX records listed in the MX Records section, you must delete them.

    First, in the DNS zone area, select the MX Record set.

    Azure-BP-Configure-2-3

    Next, select the MX record you want to delete.

    Azure-BP-Configure-2-4

  7. Choose the Context menu (…), and then choose Remove.

    Azure-BP-Configure-2-5

  8. Choose Save.

    Azure-BP-Configure-2-6

Add the four CNAME records that are required for Office 365

  1. To get started, go to your domains page at Azure by using this link. You'll be prompted to log in first.

    Azure-BP-Configure-1-1

  2. On the Dashboard page, in the All resources area, choose the domain that you want to update.

    Azure-BP-Configure-1-2

  3. On the Settings page for your domain, in the DNS zone area, choose + Record set.

    Azure-BP-Configure-1-3

  4. Add the first of the four CNAME records.

    In the Add record set area, in the boxes for the new record set, type or copy and paste the values from the first row in the following table.

    (Select the Type and TTL unit values from the drop-down lists.)

    Name Type TTL TTL unit Alias
    autodiscover
    CNAME
    1
    Hours
    autodiscover.outlook.com
    sip
    CNAME
    1
    Hours
    sipdir.online.lync.com
    lyncdiscover
    CNAME
    1
    Hours
    webdir.online.lync.com
    msoid
    CNAME
    1
    Hours
    clientconfig.microsoftonline-p.net

    Azure-BP-Configure-3-1

  5. Choose OK.

    Azure-BP-Configure-3-2

  6. Add each of the other three CNAME records.

    In the DNS zone area, choose + Record set. Then, in the empty record set, create a record by using the values from the next row in the table, and again choose OK to complete that record.

    Repeat this process until you have created all four CNAME records.

  7. (Optional) Add 2 CNAME records for MDM.

Important

If you have Mobile Device Management (MDM) for Office 365, then you must create two additional CNAME records. Follow the procedure that you used for the other four CNAME records, but supply the values from the following table. (If you do not have MDM, you can skip this step.)

Name Type TTL TTL unit Alias
enterpriseregistration
CNAME
1
Hours
enterpriseregistration.windows.net
enterpriseenrollment
CNAME
1
Hours
enterpriseenrollment.manage.microsoft.com

Add a TXT record for SPF to help prevent email spam

Important

You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Office 365. Instead, add the required Office 365 values to the current record so that you have a single SPF record that includes both sets of values.

  1. To get started, go to your domains page at Azure by using this link. You'll be prompted to log in first.

    Azure-BP-Configure-1-1

  2. On the Dashboard page, in the All resources area, choose the domain that you want to update.

    Azure-BP-Configure-1-2

  3. In the DNS zone area, choose the TXT record set.

    Azure-BP-Configure-4-1

  4. In the Record set properties area, in the boxes for the new record set, choose the values from the following table.

    (Select the Type and TTL unit values from the drop-down lists.)

    Name Type TTL TTL unit Value
    @
    TXT
    1
    Hours
    v=spf1 include:spf.protection.outlook.com -all
    Note: We recommend copying and pasting this entry, so that all of the spacing stays correct.

    Azure-BP-Configure-4-2

  5. Choose Save.

    Azure-BP-Configure-4-3

Add the two SRV records that are required for Office 365

  1. To get started, go to your domains page at Azure by using this link. You'll be prompted to log in first.

    Azure-BP-Configure-1-1

  2. On the Dashboard page, in the All resources area, choose the domain that you want to update.

    Azure-BP-Configure-1-2

  3. On the Settings page for your domain, in the DNS zone area, choose + Record set.

    Azure-BP-Configure-1-3

  4. Add the first of the two SRV records.

    In the Add record set area, in the boxes for the new record set, choose the values from the first row in the following table.

    (Select the Type and TTL unit values from the drop-down lists.)

    Name Type TTL TTL unit Priority Weight Port Target
    _sip._tls
    SRV
    1
    Hours
    100
    1
    443
    sipdir.online.lync.com
    _sipfederationtls._tcp
    SRV
    1
    Hours
    100
    1
    5061
    sipfed.online.lync.com

    Azure-BP-Configure-5-1

  5. Choose OK.

    Azure-BP-Configure-5-2

  6. Add the other SRV record.

    In the boxes for the new record, type or copy and paste the values from the second row of the table.

Note

Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.