title | f1.keywords | ms.author | author | manager | ms.date | audience | ms.topic | ms.service | ms.localizationpriority | ms.collection | ms.custom | search.appverid | ms.assetid | description | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Connect your DNS records at Amazon Web Services (AWS) to Microsoft 365 |
|
nkagole |
nataliekagole |
scotv |
02/18/2020 |
Admin |
article |
microsoft-365-business |
medium |
|
AdminSurgePortfolio |
|
7a2efd75-0771-4897-ba7b-082fe5bfa9da |
Learn to verify your domain and set up DNS records for email, Skype for Business Online, and other services at Amazon Web Services (AWS) for Microsoft. |
Check the Domains FAQ if you don't find what you're looking for.
If AWS is your DNS hosting provider, follow the steps in this article to verify your domain and set up DNS records for email, Skype Online for Business, and so on.
After you add these records at AWS, your domain will be set up to work with Microsoft services.
Note
Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Find and fix issues after adding your domain or DNS records.
Before you use your domain with Microsoft, we have to make sure that you own it. Your ability to log in to your account at your domain registrar and create the DNS record proves to Microsoft that you own the domain.
Note
This record is used only to verify that you own your domain; it doesn't affect anything else. You can delete it later, if you like.
-
To get started, go to your domains page at AWS by using this link. You'll be prompted to log in first.
-
On the landing page, under Domains, select Registered domains.
-
Under Domain Name, select the domain you want to set up in Microsoft 365.
Note: If you haven't created a hosted zone for your domain, select Create hosted zone and complete the steps before moving to the next step.
:::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Screenshot of Registered Domains where you select the Domain Name for the domain verification TXT record.":::
-
Select Manage DNS.
:::image type="content" source="../../media/dns-aws/aws-domains-2.png" alt-text="Select Manage DNS from the drop-down list.":::
-
Under Domain name, select the domain name for the hosted zone version of the domain you want to verify.
:::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Screenshot of Hosted zones where you select the Domain name for the domain verification TXT record.":::
-
Select Create record.
:::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Screenshot of where you select Create record to add a domain verification TXT record.":::
-
In the boxes for the new record, type or copy and paste the values from the following table.
(Choose the Type and Routing policy values from the drop-down lists.)
[!TIP] The quotation marks required by the onscreen instructions are supplied automatically. You don't need to type them manually.
Record name Record type Value TTL (Seconds) Routing policy (Leave this field empty.) TXT - Used to verify email senders MS=msXXXXXXXX
Note: This is an example. Use your specific Destination or Points to Address value here, from the table in Microsoft 365. How do I find this?300 Simple -
Select Create records.
:::image type="content" source="../../media/dns-aws/aws-domains-txt-create-records.png" alt-text="Screenshot of where you select Create records to add a domain verification TXT record.":::
Wait a few minutes before you continue, so that the record you just created can update across the Internet.
Now that you've added the record at your domain registrar's site, you'll go back to Microsoft and request a search for the record. When Microsoft finds the correct TXT record, your domain is verified.
To verify the record in Microsoft 365:
-
In the admin center, go to the Settings > Domains.
-
On the Domains page, select the domain that you're verifying, and select Start setup.
:::image type="content" source="../../media/dns-IONOS/IONOS-DomainConnects-2.png" alt-text="Select Start setup.":::
-
Select Continue.
-
On the Verify domain page, select Verify.
Note
Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Find and fix issues after adding your domain or DNS records.
-
To get started, go to your domains page at AWS by using this link. You'll be prompted to log in first.
-
On the landing page, under Domains, select Registered domains.
-
Under Domain Name, select the domain you want to set up in Microsoft 365.
Note: If you haven't created a hosted zone for your domain, select Create hosted zone and complete the steps before moving to the next step.
:::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Screenshot of Registered Domains where you select the Domain Name for the MX record.":::
-
Select Manage DNS.
:::image type="content" source="../../media/dns-aws/aws-domains-2.png" alt-text="Select Manage DNS from the drop-down list.":::
-
Under Domain name, select the domain name for the hosted zone version of the domain you want to verify.
:::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Select the domain name for the hosted zone version of the domain.":::
-
Select Create record.
:::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Screenshot of where you select Create record to add an MX record.":::
-
In the boxes for the new record, type or copy and paste the values from the following table.
(Choose the Type and Routing policy values from the drop-down lists.)
[!TIP] The quotation marks required by the onscreen instructions are supplied automatically. You don't need to type them manually.
Record name Record type Value TTL (Seconds) Routing policy (Leave this field empty.) MX - Specifies mail servers 0 <domain-key>.mail.protection.outlook.com.
The 0 is the MX priority value. Add it to the beginning of the MX value, separated from the remainder of the value by a space.
This value MUST end with a period (.)
Note: Get your <domain-key> from your Microsoft 365 account. How do I find this?300 Simple routing -
Select Create records.
:::image type="content" source="../../media/dns-aws/aws-domains-mx-create-records.png" alt-text="Screenshot of where you select Create records to add an MX record":::
-
If there are any other MX records, remove them by selecting the record, and then selecting Delete.
-
To get started, go to your domains page at AWS by using this link. You'll be prompted to log in first.
-
On the landing page, under Domains, select Registered domains.
-
Under Domain Name, select the domain you want to set up in Microsoft 365.
Note: If you haven't created a hosted zone for your domain, select Create hosted zone and complete the steps before moving to the next step.
:::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Screenshot of Registered Domains where you select the Domain Name for the CNAME record.":::
-
Select Manage DNS.
:::image type="content" source="../../media/dns-aws/aws-domains-2.png" alt-text="Select Manage DNS from the drop-down list.":::
-
Under Domain name, select the domain name for the hosted zone version of the domain you want to verify.
:::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Screenshot of Hosted zones where you select the Domain name for the MX record.":::
-
Select Create record.
:::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Screenshot of where you select Create record to add a CNAME record":::
-
In the boxes for the new record, type or copy and paste the values from the following table.
(Choose the Type and Routing policy values from the drop-down lists.)
Record name Record type Value TTL Routing policy autodiscover CNAME - Routes traffic to another domain name autodiscover.outlook.com.
This value MUST end with a period (.)300 Simple -
Select Create records.
:::image type="content" source="../../media/dns-aws/aws-domains-cname-create-records.png" alt-text="Screenshot of where you select Create records to add a CNAME record":::
Important
You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Microsoft. Instead, add the required Microsoft values to the current record so that you have a single SPF record that includes both sets of values. Need examples? Check out these External Domain Name System records for Microsoft. To validate your SPF record, you can use one of theseSPF validation tools.
-
To get started, go to your domains page at AWS by using this link. You'll be prompted to log in first.
-
On the landing page, under Domains, select Registered domains.
-
Under Domain Name, select the domain you want to set up in Microsoft 365.
Note: If you haven't created a hosted zone for your domain, select Create hosted zone and complete the steps before moving to the next step.
:::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Screenshot of Registered Domains where you select the Domain Name for the SPF TXT record.":::
-
Select Manage DNS.
:::image type="content" source="../../media/dns-aws/aws-domains-2.png" alt-text="Select Manage DNS from the drop-down list.":::
-
Under Domain name, select the domain name for the hosted zone version of the domain you want to verify.
:::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Screenshot of Hosted zones where you select the Domain name for the SPF TXT record.":::
-
Select Create record.
:::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Screenshot of where you select Create record to add an SPF TXT record.":::
-
In the boxes for the new record, type or copy and paste the values from the following table.
(Choose the Type value from the drop-down lists.)
Record type Value TXT- Used to verify email senders and for application-specific values v=spf1 include:spf.protection.outlook.com -all
(The quotation marks required by the onscreen instructions are supplied automatically. You don't need to type them manually.)
Note: We recommend copying and pasting this entry, so that all of the spacing stays correct. -
Select Create records.
:::image type="content" source="../../media/dns-aws/aws-domains-txt-create-records.png" alt-text="Screenshot of where you select Create records to add an SPF TXT record.":::
Only select this option if your organization uses Skype for Business for online communication services like chat, conference calls, and video calls, in addition to Microsoft Teams. Skype needs 4 records: 2 SRV records for user-to-user communication, and 2 CNAME records to sign-in and connect users to the service.
-
To get started, go to your domains page at AWS by using this link. You'll be prompted to log in first.
-
On the landing page, under Domains, select Registered domains.
-
Under Domain Name, select the domain you want to set up in Microsoft 365.
Note: If you haven't created a hosted zone for your domain, select Create hosted zone and complete the steps before moving to the next step.
:::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Screenshot of Registered Domains where you select the Domain Name for the SRV records for Skype for Business.":::
-
Select Manage DNS.
:::image type="content" source="../../media/dns-aws/aws-domains-2.png" alt-text="Select Manage DNS from the drop-down list.":::
-
Under Domain name, select the domain name for the hosted zone version of the domain you want to verify.
:::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Screenshot of Hosted zones where you select the Domain name for the SRV records for Skype for Business.":::
-
Select Create record.
:::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Screenshot of where you select Create record to add an SRV record.":::
-
In the boxes for the new record, type or copy and paste the values from the following table.
(Choose the Type and Routing Policy values from the drop-down lists.)
Record name Record type Value TTL (Seconds) Routing policy _sip._tls SRV - Application-specific values that id servers 100 1 443 sipdir.online.lync.com. This value MUST end with a period (.)>
Note: We recommend copying and pasting this entry, so that all of the spacing stays correct.300 Simple _sipfederationtls._tcp SRV - Application-specific values that id servers 100 1 5061 sipfed.online.lync.com. This value MUST end with a period (.)
Note: We recommend copying and pasting this entry, so that all of the spacing stays correct.300 Simple -
To add the other SRV record, select Add another record, create a record using the values from the next row in the table, and then again select Create records.
:::image type="content" source="../../media/dns-aws/aws-domians-srv-create-records.png" alt-text="Screenshot of where you select Create records to add an SRV record.":::
Note
Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Find and fix issues after adding your domain or DNS records.
-
To get started, go to your domains page at AWS by using this link. You'll be prompted to log in first.
-
On the landing page, under Domains, select Registered domains.
-
Under Domain Name, select the domain you want to set up in Microsoft 365.
Note: If you haven't created a hosted zone for your domain, select Create hosted zone and complete the steps before moving to the next step.
:::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Screenshot of Registered Domains where you select the Domain Name for the CNAME records for Skype for Business.":::
-
Select Manage DNS.
:::image type="content" source="../../media/dns-aws/aws-domains-2.png" alt-text="Screenshot of Registered Domains where you select Manage DNS for the CNAME records for Skype for Business.":::
-
Under Domain name, select the domain name for the hosted zone version of the domain you want to verify.
:::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Screenshot of Hosted zones where you select the Domain name for the CNAME records for Skype for Business.":::
-
Select Create record.
:::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Screenshot of where you select Create record to add CNAME records for Skype for Business.":::
-
In the boxes for the new record, type or copy and paste the values from the following table.
(Choose the Type and Routing policy values from the drop-down lists.)
Record name Record type Value TTL Routing policy sip CNAME - Canonical name sipdir.online.lync.com.
This value MUST end with a period (.)300 Simple lyncdiscover CNAME - Canonical name webdir.online.lync.com.
This value MUST end with a period (.)300 Simple -
To add the other CNAME record, select Add another record, create a record using the values from the next row in the table.
-
Select Create records.
:::image type="content" source="../../media/dns-aws/aws-domains-cname-create-records.png" alt-text="Screenshot of where you select Create records to add CNAME records for Skype for Business.":::
Note
Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.
This service helps you secure and remotely manage mobile devices that connect to your domain. Mobile Device Management needs two CNAME records so that users can enroll devices to the service.
-
To get started, go to your domains page at AWS by using this link. You'll be prompted to log in first.
-
On the landing page, under Domains, select Registered domains.
-
Under Domain Name, select the domain you want to set up in Microsoft 365.
Note: If you haven't created a hosted zone for your domain, select Create hosted zone and complete the steps before moving to the next step.
:::image type="content" source="../../media/dns-aws/aws-domains-1.png" alt-text="Screenshot of Registered Domains where you select the Domain Name for the CNAME records for Mobile Device Management.":::
-
Select Manage DNS.
:::image type="content" source="../../media/dns-aws/aws-domains-2.png" alt-text="Select Manage DNS from the drop-down list.":::
-
Under Domain name, select the domain name for the hosted zone version of the domain you want to verify.
:::image type="content" source="../../media/dns-aws/aws-domains-3.png" alt-text="Screenshot of Hosted zones where you select the Domain name for the CNAME records for Mobile Device Management.":::
-
Select Create record.
:::image type="content" source="../../media/dns-aws/aws-domains-create-record.png" alt-text="Screenshot of where you select Create record to add CNAME records for Mobile Device Management.":::
-
In the boxes for the new record, type or copy and paste the values from the following table.
(Choose the Type and Routing policy values from the drop-down lists.)
Record name Record type Value TTL Routing policy enterpriseregistration CNAME - Canonical name enterpriseregistration.windows.net.
This value MUST end with a period (.)300 Simple enterpriseenrollment CNAME - Canonical name enterpriseenrollment-s.manage.microsoft.com.
This value MUST end with a period (.)300 Simple -
To add the other CNAME record, select Add another record, create a record using the values from the next row in the table.
-
Select Create records.
:::image type="content" source="../../media/dns-aws/aws-domains-cname-create-records.png" alt-text="Screenshot of where you select Create records to add CNAME records for Mobile Device Management.":::
Note
Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.