NetDigLearnDNS Setup
Setup Guide5 min read

Microsoft 365 DNS Records

Every DNS record needed for Microsoft 365 (formerly Office 365) — MX, Autodiscover, SPF, DKIM, and domain verification. With step-by-step setup instructions.

Get Copy-Ready Records →

Microsoft 365 requires several DNS records for email routing, Outlook auto-configuration, and domain verification. The exact values for some records (MX, DKIM) are unique to your Microsoft tenant.

Find your exact values: The MX record and DKIM CNAME records contain your specific tenant identifier. Get them from Microsoft 365 Admin Center → Settings → Domains.

DNS Records Required

TypeHostValueTTLNotes
MX@yourdomain-com.mail.protection.outlook.com3600Replace with your tenant's exact MX from M365 Admin
TXT@v=spf1 include:spf.protection.outlook.com -all3600SPF for Microsoft 365
CNAMEautodiscoverautodiscover.outlook.com3600Autodiscover — enables Outlook auto-configuration
CNAMEselector1._domainkeyselector1-yourdomain-com._domainkey.YOUR_TENANT.onmicrosoft.com3600DKIM selector 1 — get exact value from M365 Admin
CNAMEselector2._domainkeyselector2-yourdomain-com._domainkey.YOUR_TENANT.onmicrosoft.com3600DKIM selector 2 — get exact value from M365 Admin
TXT@MS=msXXXXXXXX300Domain verification — get code from M365 Admin

Step-by-Step Setup

1

Start domain setup in M365 Admin

Go to admin.microsoft.com → Settings → Domains → Add domain. Enter your domain name.

2

Add the verification TXT record

Microsoft gives you a TXT record starting with MS=ms... Add it to your DNS. Click Verify in the wizard.

3

Add MX record

Remove existing MX records. Add the MX record Microsoft specifies — it ends in .mail.protection.outlook.com. The exact subdomain is unique to your tenant.

4

Add SPF and Autodiscover

Add the SPF TXT record and the Autodiscover CNAME. If you have an existing SPF record, add include:spf.protection.outlook.com to it.

5

Enable DKIM

In M365 Admin → Security → Email & collaboration → DKIM. Select your domain and enable DKIM. Microsoft will show you the 2 CNAME records to add to DNS. Add them and click Enable.

6

Complete the setup wizard

Return to the domain setup wizard in M365 Admin and click Verify to confirm all records are correct.

Copy-ready records: Use the DNS Record Builder — select this service from the dropdown and enter your domain to get all records formatted and ready to copy.

After Adding Records

DNS changes can take anywhere from a few minutes to 24 hours to propagate. Use the DNS Propagation Checker to verify your records are live globally, then return to the service's admin console to verify domain ownership.

In Microsoft 365 Admin Center → Settings → Domains → click your domain → DNS records tab. Your exact MX value is shown there.

Yes if you use Outlook desktop. It enables automatic account configuration so users don't need to manually enter server settings. Skip it only if all users access email via webmail (Outlook.com).

v=spf1 include:spf.protection.outlook.com -all — this authorizes Microsoft's servers to send email for your domain. Use -all (hard fail) for strict enforcement.