Configuring Custom Domain Name

Like with most things, there are multiple ways this can be done. I am most familiar with setting this up from the Microsoft Admin Center but it can also be done from within the Entra ID Blade.

To do it from the Admin Center:

  1. Navigate to https://admin.microsoft.com > Settings (may need to Show All) > Domains.
  2. Click + Add domain.
  3. Enter the domain you would like to add. To validate ownership of the domain, an administrator of the DNS entries will need to add a TXT or MX record to the domain's DNS. Alternatively, a text file can be added to the domain's website. Microsoft will provide the value to add for the selected method, for example a TXT record for @ set to MS=ms12723280 or an MX record pointing to ms13612190.msv1.invalid.
  4. Once the record has been added and domain ownership has been verified, Microsoft will prompt for the DNS entries needed to get the tenant working. It will also ask whether you plan on using additional services and provide the additional entries needed for those.
    • An MX record so external mail servers know where to deliver mail.
    • A TXT record for SPF. Sender Policy Framework allows you to specify where mail is allowed to be sent from as a minimal form of anti-spoofing. For Microsoft 365 this will be set to v=spf1 include:spf.protection.outlook.com -all. Additional servers may be added to the include section for bulk mailing of newsletters or some email archiving.
    • A CNAME pointing to autodiscover.outlook.com so Outlook can automatically detect the configuration for the mail servers.
    • Two CNAME records for DKIM (DomainKeys Identified Mail), which signs outgoing mail with a rotating key to prove the authenticity of the sender and that the message was not tampered with in transit.
    • The record for DMARC (Domain-based Message Authentication, Reporting, and Conformance) is not provided. This mail protection tells receiving mail servers what to do, and where to report, if SPF and/or DKIM fail. Tools like MxToolbox's DMARC Record Generator or other similar tools can help adjust the options available.
    • For Intune, two CNAME records for enrolling and registering devices.
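
Because the DMARC record is not supplied by the wizard and the SPF value is easy to weaken when extra senders are added, it is worth checking both after the records are published. The following is an added example, not part of the original page or any Microsoft tooling: the function names, the example.invalid domain and the sample zone are constructed, and treating only p=quarantine or p=reject plus an rua address as acceptable is this example's assumption.

```python
# Added example: audits the SPF and DMARC TXT records described above.
# Works on a dict of TXT records so it runs offline; a live check would
# fill that dict from a DNS lookup instead.
M365_SPF_INCLUDE = "include:spf.protection.outlook.com"  # value from the page

def audit_spf(txt_records):
    """Return findings for the SPF record among a name's TXT records."""
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    if not spf:
        return ["no SPF record"]
    if len(spf) > 1:  # more than one SPF record is a permanent error for receivers
        return ["multiple SPF records"]
    terms = spf[0].lower().split()
    findings = []
    if M365_SPF_INCLUDE not in terms:
        findings.append("missing " + M365_SPF_INCLUDE)
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if alls != ["-all"]:  # ~all, ?all, +all or no all term at all
        findings.append("expected a single -all, found %s" % (alls or "none"))
    return findings

def audit_dmarc(txt_records):
    """Return findings for the DMARC record published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return ["expected exactly one DMARC record, found %d" % len(dmarc)]
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):  # what receivers should do
        findings.append("policy p=%s does not act on failures" % (policy or "<missing>"))
    if "rua" not in tags:  # where receivers should report
        findings.append("no rua= address for aggregate reports")
    return findings

def audit_domain(domain, zone):
    """zone maps a DNS name to its list of TXT record strings."""
    return {"spf": audit_spf(zone.get(domain, [])),
            "dmarc": audit_dmarc(zone.get("_dmarc." + domain, []))}

# Constructed sample zone for a placeholder domain (softfail SPF, monitor-only DMARC).
SAMPLE_ZONE = {
    "example.invalid": ["MS=ms12723280", "v=spf1 include:spf.protection.outlook.com ~all"],
    "_dmarc.example.invalid": ["v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for check, findings in audit_domain("example.invalid", SAMPLE_ZONE).items():
        print(check, findings or "ok")
```
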

To add the domain from the Entra Admin Center:

  1. Navigate to https://entra.microsoft.com > Settings > Domain names.
  2. Click + Add custom domain.
  3. Enter the domain you would like to add.
  4. Select whether to add a TXT record or MX record (note that this does not allow you to add the text file to the website).
  5. This will validate the ownership but will not provide the additional entries to add. It is, however, easier to make the domain the primary domain from here.