This is a summary of the DNS records needed for the Online Microsoft services
Office 365 with Skype for Business disabled
Exchange
Type | Name | Value | TTL |
MX | @ | cloudshark-nl.mail.protection.outlook.com | 3600 |
TXT | @ | v=spf1 include:spf.protection.outlook.com -all | 3600 |
CNAME | autodiscover | autodiscover.outlook.com | 3600 |
Office 365 full
Exchange
Type | Name | Value | TTL |
MX | @ | cloudshark-nl.mail.protection.outlook.com | 3600 |
TXT | @ | v=spf1 include:spf.protection.outlook.com -all | 3600 |
CNAME | autodiscover | autodiscover.outlook.com | 3600 |
Skype for Business
Type | Name | Value | TTL |
CNAME | sip | sipdir.online.lync.com | 3600 |
CNAME | lyncdiscover | webdir.online.lync.com | 3600 |
SRV records | |||||||
Service | Protocol | Port | Weight | Priority | TTL | Name | Target |
_sip | _tls | 443 | 1 | 100 | 3600 | @ | sipdir.online.lync.com |
_sipfederationtls | _tcp | 5061 | 1 | 100 | 3600 | @ | sipfed.online.lync.com |
Basic Mobility & Security
Type | Name | Value | TTL |
CNAME | enterpriseregistration | enterpriseregistration.windows.net | 3600 |
CNAME | enterpriseenrollment | enterpriseenrollment.manage.microsoft.com | 3600 |
Set whether Teams users can communicate with Skype users
As an admin, you use the Microsoft Teams admin center or PowerShell to set external access settings to control whether Teams users in your organization can communicate with Skype users. By default, this capability is turned on for new tenants. However, there’s a prerequisite that the following DNS SRV record needs to be configured by the IT Admin if not already available for your domain, for example _sipfederationtls.contoso.com.
Service: sipfederationtls
Protocol: TCP
Priority: 100
Weight: 1
Port: 5061
Target: sipfed.online.lync.com
If you upgraded from Skype for Business to Teams, the external communications settings that you configured in the Skype for Business admin center are migrated to Teams.
From <https://docs.microsoft.com/en-us/microsoftteams/teams-skype-interop>
tep 1: Create CNAME (optional)
Create CNAME DNS resource records for your company’s domain. For example, if your company’s website is contoso.com, you would create a CNAME in DNS that redirects EnterpriseEnrollment.contoso.com to enterpriseenrollment-s.manage.microsoft.com.
Although creating CNAME DNS entries is optional, CNAME records make enrollment easier for users. If no enrollment CNAME record is found, users are prompted to manually enter the MDM server name, enrollment.manage.microsoft.com.
Type | Host name | Points to | TTL |
CNAME | EnterpriseEnrollment.company_domain.com | EnterpriseEnrollment-s.manage.microsoft.com | 1 hour |
CNAME | EnterpriseRegistration.company_domain.com | EnterpriseRegistration.windows.net | 1 hour |
STEP 1: CREATE CNAME (OPTIONAL)
If the company uses more than one UPN suffix, you need to create one CNAME for each domain name and point each one to EnterpriseEnrollment-s.manage.microsoft.com. For example, users at Contoso use the following formats as their email/UPN:
The Contoso DNS admin should create the following CNAMEs:
Type | Host name | Points to | TTL |
CNAME | EnterpriseEnrollment.contoso.com | EnterpriseEnrollment-s.manage.microsoft.com | 1 hour |
CNAME | EnterpriseEnrollment.us.contoso.com | EnterpriseEnrollment-s.manage.microsoft.com | 1 hour |
CNAME | EnterpriseEnrollment.eu.contoso.com | EnterpriseEnrollment-s.manage.microsoft.com | 1 hour |
TABLE 3
EnterpriseEnrollment-s.manage.microsoft.com – Supports a redirect to the Intune service with domain recognition from the email’s domain name
From <https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enroll>