Category Archives: 18160

Tips and Tricks for Adding a Domain to Office 365

There are three steps to adding a domain to your Office 365 tenant:

  1. Prove that you own the domain (aka domain validation or domain proof).
  2. Add users and assign licenses (optional).
  3. Set domain purpose and configure DNS.
Once these three steps are complete the domain is active for use in Office 365.
Domain validation (Step 1 in the Add a Domain wizard ) is done to prove that you own the domain you are adding to Office 365. It involves adding a TXT record to your external DNS with a specific text string (something like MS=ms15068668) that Office 365 provides in the wizard. If Office 365 can read that TXT record in the zone’s public DNS it “proves” that you own the domain.



Note that the domain proof TXT record is only needed once for domain validation.  Once domain validation is complete, you can safely delete it from public DNS. If for some reason you remove the domain from Office 365 and add it again, you will need to revalidate the domain and the domain proof TXT record will have a different value.


The second step is to add users and assign Office 365 licenses. Most of my customers use DirSync to synchronize Active Directory objects with Office 365, so this step is unnecessary. In this case I usually select, I don’t want to add users right now.

The third step is to set the domain purpose and configure external DNS so you can use this domain in Office 365. This is the step that trips most people up because Office 365 is so unforgiving about the DNS records it expects. Office 365 expects you to only use the records they specify, exactly as provided in the wizard.


But if you update or add these SPF and MX records required for Exchange Online, it will affect your mailflow sooner than you probably intended.

The trick here is to uncheck all the Office 365 services and then click Next to activate the domain without specifying a purpose. This has no effect on the way Office 365 works for the domain – the services still work and user licenses are unaffected. It simply bypasses the DNS configuration and checks.


Once the domain has been activated you will be able to assign that domain as a sign-on domain for cloud users.

After a short while you will see the newly activated domain in the Exchange Admin Center (Mail Flow > Accepted Domains) and you will be able to add email addresses using that domain to cloud users.