DNS records needed for Office 365, MS Teams, M365, Exchange online & Skype

This is a summary of the DNS records needed for the Online Microsoft services

Office 365 with Skype for Business disabled

Exchange

TypeNameValueTTL
MX@cloudshark-nl.mail.protection.outlook.com3600
TXT@v=spf1 include:spf.protection.outlook.com -all3600
CNAMEautodiscoverautodiscover.outlook.com3600

Office 365 full

Exchange

TypeNameValueTTL
MX@cloudshark-nl.mail.protection.outlook.com3600
TXT@v=spf1 include:spf.protection.outlook.com -all3600
CNAMEautodiscoverautodiscover.outlook.com3600

Skype for Business

TypeNameValueTTL
CNAMEsipsipdir.online.lync.com3600
CNAMElyncdiscoverwebdir.online.lync.com3600
SRV records       
ServiceProtocolPortWeightPriorityTTLNameTarget
_sip_tls44311003600@sipdir.online.lync.com
_sipfederationtls_tcp506111003600@sipfed.online.lync.com

Basic Mobility & Security

TypeNameValueTTL
CNAMEenterpriseregistrationenterpriseregistration.windows.net3600
CNAMEenterpriseenrollmententerpriseenrollment.manage.microsoft.com3600

Set whether Teams users can communicate with Skype users

As an admin, you use the Microsoft Teams admin center or PowerShell to set external access settings to control whether Teams users in your organization can communicate with Skype users. By default, this capability is turned on for new tenants. However, there’s a prerequisite that the following DNS SRV record needs to be configured by the IT Admin if not already available for your domain, for example _sipfederationtls.contoso.com.

Service: sipfederationtls
Protocol: TCP
Priority: 100
Weight: 1
Port: 5061
Target: sipfed.online.lync.com

If you upgraded from Skype for Business to Teams, the external communications settings that you configured in the Skype for Business admin center are migrated to Teams.

From <https://docs.microsoft.com/en-us/microsoftteams/teams-skype-interop>

tep 1: Create CNAME (optional)

Create CNAME DNS resource records for your company’s domain. For example, if your company’s website is contoso.com, you would create a CNAME in DNS that redirects EnterpriseEnrollment.contoso.com to enterpriseenrollment-s.manage.microsoft.com.

Although creating CNAME DNS entries is optional, CNAME records make enrollment easier for users. If no enrollment CNAME record is found, users are prompted to manually enter the MDM server name, enrollment.manage.microsoft.com.

TypeHost namePoints toTTL
CNAMEEnterpriseEnrollment.company_domain.comEnterpriseEnrollment-s.manage.microsoft.com1 hour
CNAMEEnterpriseRegistration.company_domain.comEnterpriseRegistration.windows.net1 hour

STEP 1: CREATE CNAME (OPTIONAL)

If the company uses more than one UPN suffix, you need to create one CNAME for each domain name and point each one to EnterpriseEnrollment-s.manage.microsoft.com. For example, users at Contoso use the following formats as their email/UPN:

The Contoso DNS admin should create the following CNAMEs:

TypeHost namePoints toTTL
CNAMEEnterpriseEnrollment.contoso.comEnterpriseEnrollment-s.manage.microsoft.com1 hour
CNAMEEnterpriseEnrollment.us.contoso.comEnterpriseEnrollment-s.manage.microsoft.com1 hour
CNAMEEnterpriseEnrollment.eu.contoso.comEnterpriseEnrollment-s.manage.microsoft.com1 hour

TABLE 3

EnterpriseEnrollment-s.manage.microsoft.com – Supports a redirect to the Intune service with domain recognition from the email’s domain name

From <https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enroll>

Leave a Reply

Your email address will not be published. Required fields are marked *