Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
If you purchased a domain from a non-Microsoft registrar, you can connect it to Microsoft 365 by updating the DNS records at your registrar. After you add DNS records at your registrar, your domain stays registered with the registrar that you purchased the domain from. However, Microsoft 365 can use the domain for its various services such as your domain email addresses.
Note
A registrar is also known as a DNS hosting provider.
If you don't add a custom domain to Microsoft 365, your organization can instead use the onmicrosoft.com domain for email addresses until a custom domain is added. It's important to add your custom domain before you add users so you don't have to set up users twice.
If you want to change the email domain of existing user accounts, follow the steps described in Change your email address to use your custom domain using the Microsoft 365 admin center.
For more information on domains, see Domains FAQ.
Registrars and Domain Connect
Before you connect your domain to Microsoft 365 by adding DNS records, you need to determine the registrar that hosts your domain. Additionally, you need to determine if your registrar supports Domain Connect. Domain Connect allows Microsoft 365 to automatically perform the following tasks:
- Confirm domain ownership.
- Add DNS records required for Microsoft 365 services.
If a registrar doesn't support Domain Connect, you need to manually confirm domain ownership and add DNS records by signing in to your registrar and manually adding the appropriate DNS records.
To find your registrar, see Find your domain registrar. Once you determine your registrar, consult with the registrar to see if they support Domain Connect.
For instructions on how to manually add DNS records at specific registrars, see the following articles:
- Connect your DNS records at IONOS to Microsoft 365.
- Connect your DNS records at 123-reg.co.uk to Microsoft 365.
- Connect your DNS records at Amazon Web Services (AWS) to Microsoft 365.
- Connect your DNS records at Cloudflare to Microsoft 365.
- Connect your DNS records at GoDaddy to Microsoft 365.
- Connect your DNS records at Namecheap to Microsoft 365.
- Connect your DNS records at Network Solutions to Microsoft 365.
- Connect your DNS records at OVH to Microsoft 365.
- Connect your DNS records at web.com to Microsoft 365.
- Connect your DNS records at Wix to Microsoft 365.
- Create DNS records for Microsoft using Windows-based DNS.
Step 1: Add a domain and verify domain ownership
First, add a custom domain to Microsoft 365 and verify domain ownership. For detailed instructions on how to add a custom domain to Microsoft 365, see Add a domain to Microsoft 365.
Step 2: Connect to Microsoft services by adding DNS records
When you add a custom domain as part of Step 1: Add a domain and verify domain ownership, the wizard prompts you to add DNS entries for Microsoft 365 services, including email. However, if you skip adding DNS entries when adding the custom domain, you can add them later.
The following sections describe how to add the various DNS records for some of the Microsoft 365 services.
Add an MX record and DNS records for email (Outlook, Exchange Online)
Important
Before you begin, add users and set up mailboxes in Microsoft 365 for all email users on your domain. Add users before updating an MX record for Microsoft 365 to ensure that email continues to work without interruption as the email moves from the previous email provider to Microsoft 365.
When you update your domain's MX record, all new email for anyone who uses your domain is sent to Microsoft 365. Any existing email stays at your previous email host, unless you decide to migrate email and contacts to Microsoft 365.
To add the DNS records needed for Microsoft 365 email services, select the tab based on your registrar's support for Domain Connect:
- Domain Connect - Registrar supports Domain Connect and DNS records are added automatically.
- Manual - Registrar doesn't support Domain Connect and DNS records need to be added manually.
Domain ConnectTo add an MX record and other supporting email DNS records for use with email in Microsoft 365 (Outlook, Exchange Online), follow these steps:
Sign in to the Microsoft 365 admin center.
From the left navigation bar, select … Show all, and then select Settings to expand it.
Under Settings, select Domains.
In the Domains page, select a domain.
In the page that displays your custom domain, select DNS records, and then select Manage DNS.
The How do you want to connect your domain? wizard starts. Select Continue.
In the Add DNS records page, make sure Exchange and Exchange Online Protection is selected.
For additional email spam protection, select Advanced options, and then select DomainKeys Identified Mail (DKIM). DKIM DNS records are optional. For more information about DKIM, see Help prevent email spam (Outlook, Exchange Online) by adding appropriate DNS records in this article.
Once the desired email services are selected, select Add DNS records.
A new window from your registrar opens showing the DNS records that are going to be added, including the MX record. Verify that the DNS records are correct, and then authorize the DNS records to be added.
Important
If an MX record already exists for the previous email provider, take one of the following two actions to ensure that email starts getting delivered to Microsoft 365:
- Remove any existing MX records pointing to a previous email provider.
- Set the MX record priority for the previous email provider to a lower priority than the MX record for Microsoft 365.
Depending on the registrar, the registrar might offer to automatically delete the existing MX record via Domain Connect. If you don't want the existing MX record to be automatically deleted, add the required email DNS records manually at your registrar. Select the Manual tab instead to add MX records manually.
After you add DNS records at the registrar, the browser returns you to the Microsoft 365 admin center.
The Domain setup is complete page displays. Select Done to complete adding DNS records to Microsoft 365.
Add CNAME and SRV records to connect other Microsoft 365 services (Microsoft Teams, Exchange Online, Microsoft Intune)
Select the tab based on your registrar's support for Domain Connect:
- Domain Connect - Registrar supports Domain Connect and DNS records are added automatically.
- Manual - Registrar doesn't support Domain Connect and DNS records need to be added manually.
To add CNAME and SRV records required by Microsoft 365 services such as Microsoft Teams, Exchange Online, or Microsoft Intune:
Sign in to the Microsoft 365 admin center.
From the left navigation bar, select … Show all, and then select Settings to expand it.
Under Settings, select Domains.
In the Domains page, select a domain.
In the page that displays your custom domain, select DNS records, and then select Manage DNS.
The How do you want to connect your domain? wizard starts. Select Continue.
In the Add DNS records page, select Advanced options. Advanced options displays all additional available Microsoft 365 services.
Select the Microsoft 365 services that need DNS records added, and then select Add DNS records. For example:
- For Microsoft Intune, select Intune and Mobile Device Management for Microsoft 365.
- To add DKIM records to reduce email spam, select DomainKeys Identified Mail (DKIM).
A new window from your registrar opens showing the DNS records that are going to be added. Verify that the DNS records are correct, and then authorize the DNS records to be added.
Once the DNS records are added, you're returned to the Microsoft 365 admin center window.
The Domain setup is complete page displays. Select Done to complete adding the CNAME and SRV records to Microsoft 365.
Help prevent email spam (Outlook, Exchange Online) by adding appropriate DNS records
Sender Policy Framework, better known as SPF, helps prevent email spam. SPF is designed to help prevent spoofing. Activate SPF on a domain by adding a TXT record to the domain's DNS. To set up an SPF TXT record for use with Microsoft 365 email services, see Add an MX record and DNS records for email (Outlook, Exchange Online) in this article.
Although SPF is designed to help prevent spoofing, some spoofing techniques bypass SPF. To protect against these threats, after setting up the SPF record, also set up DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting, and Conformance (DMARC) for Microsoft 365. For more information on DKIM and DMARC, see the following two articles:
- Use DKIM to validate outbound email sent from your domain in Microsoft 365.
- Use DMARC to validate email in Microsoft 365.
To set up DKIM for use with Microsoft 365 email services, see Add an MX record and DNS records for email (Outlook, Exchange Online) in this article.
SRV record field restrictions and workarounds
Some registrars restrict field values within SRV records. The following sections describe some of those restrictions and their workarounds.
Host Name/Alias can't be set to @
If your registrar doesn't allow setting this field to @, leave it blank. Use this approach only when your registrar has separate fields for Service and Protocol. If your registrar doesn't have separate fields for Service and Protocol, see Service and Protocol fields aren't available in this article.
Service and Protocol fields aren't available
If your registrar doesn't provide separate Service and Protocol fields for SRV records, you must specify the Service and Protocol values in the record's Host Name/Alias field. To add these values, create a single string, separating the values with a dot. For example, for the following values:
| DNS record field | Value |
|---|---|
| Type | SRV (Service) |
| Host Name or Alias | @ |
| Service | _sipfederationtls |
| Protocol | TCP |
| Target | sipfed.online.lync.com |
| Priority | 100 |
| Weight | 1 |
| Port | 5061 |
| TTL | 3600 (1 hour) |
enter the following value in the Host Name/Alias field instead of @:
| DNS record field | Value |
|---|---|
| Type | SRV (Service) |
| Host Name or Alias | _sipfederationtls._tcp |
| Target | sipfed.online.lync.com |
| Priority | 100 |
| Weight | 1 |
| Port | 5061 |
| TTL | 3600 (1 hour) |
Priority, Weight, and Port fields aren't available
If your registrar doesn't provide the Priority, Weight, and Port fields for SRV records, you must specify them in the SRV record's Target field. To add these values, create a single string, separating the values with spaces. The values must be included in this order:
- Priority.
- Weight.
- Port.
- Target.
For example, for the following values:
| DNS record field | Value |
|---|---|
| Type | SRV (Service) |
| Host Name or Alias | @ |
| Service | _sipfederationtls |
| Protocol | TCP |
| Target | sipfed.online.lync.com |
| Priority | 100 |
| Weight | 1 |
| Port | 5061 |
| TTL | 3600 (1 hour) |
enter the following value in the Target field:
| DNS record field | Value |
|---|---|
| Type | SRV (Service) |
| Host Name or Alias | @ |
| Service | _sipfederationtls |
| Protocol | TCP |
| Target | 100 1 5061 sipfed.online.lync.com |
| TTL | 3600 (1 hour) |
Warning
Some registrars require that the string entered into the Target field end with a dot (.). For example:
DNS record field Value Type SRV (Service) Host Name or Alias @ Service _sipfederationtls Protocol TCP Target 100 1 5061 sipfed.online.lync.com. TTL 3600 (1 hour) Check with your registrar to verify if ending with a dot (.) is required.
Depending on your registrar, the Target field might have a different name such as:
- Content.
- IP Address.
- Target Host.
- Value.
Support
Tip
Some configuration tasks might be complex to perform. For technical support, follow these steps:
- Sign in to the Microsoft 365 admin center.
- At the bottom right, select Help & Support.
- In the Support Assistant pane that opens, enter your question.
- Review the results. If you still have questions, select Contact support.
To learn about your options for contacting support, see Get support for Microsoft 365 for business.