Create DNS records for Office 365 using cPanel

To get started you will need to browser windows open: Microsoft Admin Center and your domain DNS.

When setting up your domain to use Microsoft 365 you will need to verify that you are authorised to access the domain. To do this you will need to place a TXT record on your root domain. Firstly, Sign in to your Admin Center and navigate to Show All => Settings => Domains  

In a separate browser tab sign in to your web hosting account  , then to access your DNS settings via Services => My Services => Select the hosting package you want to work on => then "Login to cPanel". Once in cPanel look for the "Zone Editor" under the DNS section.

Verification (TXT)

The first record that you will need to add is unique for your Microsoft account and will be in the format below

Subdomain

Text

(Leave this field empty.)

MS=msXXXXXXXX

Note   This is an example. Use your specific Destination or Points to Address value here, from the table in Office 365.
How do I find this?  

Mail Exchange (MX)

If you are ready for your emails to be routed to Microsoft, each domain provisioned onto Microsoft365 is allocated a unique MX record which will need to be added to your cPanel DNS ensuring that you overwrite the existing record.

At this point, within cPanel, you will also need to navigate to the "Email Routing" screen to switch your settings to "Remote". This will ensure that any email generated by your website are also routed to Microsoft. You can read more about email routing in cPanel here  .

Subdomain

Mail server

Priority

(Leave this field empty.)

<domain-key>.mail.protection.outlook.com.

This value MUST end with a period (.)

Note   Get your <domain-key> from your Office 365 portal account.
How do I find this?  

0

For more information about priority, see What is MX priority?  

CNAME

To enable other services within your Microsoft365 account you will need to create their respective CNAME records to ensure correct functionality.

You only need to add the records for the services you wish to use, however we recommend to add them all which will allow you to turn the services on and off within the Microsoft portal as you need them

Subdomain

Address

Needed for

autodiscover

autodiscover.outlook.com.

This value MUST end with a period (.)

Email in Office 365 (Exchange Online)

sip

sipdir.online.lync.com.

This value MUST end with a period (.)

Teams / Skype for Business

lyncdiscover

webdir.online.lync.com.

This value MUST end with a period (.)

Teams / Skype for Business

msoid

clientconfig.microsoftonline-p.net.

This value MUST end with a period (.)

Office 365 (core services)

enterpriseregistration

enterpriseregistration.windows.net.

This value MUST end with a period (.)

Federation Service and DRS

enterpriseenrollment

enterpriseenrollment.manage.microsoft.com.

This value MUST end with a period (.)

Federation Service and DRS

Sender Policy Framework (TXT)

To ensure correctly authenticate emails against your domain you will need to adjust your Sender Policy Framework to allow Microsoft to send emails on behalf of your domain. 

Microsoft's default recommendation is to just allow their service with "v=spf1 include:spf.protection.outlook.com -all" however this could mean that any emails generate directly on your website e.g. contact form, sales invoices, etc. would not be correctly covered. We recommend adding "+a" which will allow any any service that has an A Record on your domain to send emails. Alternatively, if you are using a website proxy service like Cloudflare, you may wish to allow the webserver IP address directly with "+ip4:xxx.xxx.xxx.xxx" or "+ip6:xxxx:xxxx:xxxx:xxxx/64" where x is replaced by the actual value of your webserver.

Subdomain

Text

(Leave this field empty.)

v=spf1 +a +include:spf.protection.outlook.com -all

Note   We recommend copying and pasting this entry, so that all of the spacing stays correct.

Teams / Skype for Business (SRV)

Lastly, for Teams / Skype for Business you will need to add two SRV records

Service

Proto

Server

Port

Priority

Weight

SIP

TLS

sipdir.online.lync.com.

This value MUST end with a period (.)

443

100

1

_sipfederationtls

TCP

sipfed.online.lync.com.

This value MUST end with a period (.)

5061

100

1

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Why is my mail client downloading duplicates of existing emails?

This issue will only occur when downloading mail via POP3. It is not something to be seriously...

An error occurred when using cPanel Roundcube Webmail

User Issue: Occasionally users of the Roundcube webmail program report that the following error...

Can I connect to my mailbox with a secure connection?

Yes, mail connections for all protocols with SSL encryption are supported. The ports for this...

Can I use my own Microsoft Exchange server with my domain?

So long as your Exchange server has a static (non-changing) IP address, as most do, then it's a...

Can I use my own SMTP server?

Yes, just ask your SMTP server provider for connection details. Some ISPs may only allow you to...