Create DNS records at Cloudflare for Office 365

If Cloudflare is your DNS hosting provider, follow the steps in this article to verify your domain and set up DNS records for email, Skype for Business Online, and so on.

These are the main records to add. (Need more help? Get support.)

After you add these records at Cloudflare, your domain will be set up to work with Office 365 services.

To learn about webhosting and DNS for websites with Office 365, see Use a public website with Office 365.

Note:  Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you’re having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.

Change your domain's nameserver (NS) records

Important: You must perform this procedure at the domain registrar where you purchased and registered your domain.

When you signed up for Cloudflare, you added a domain by using the Cloudflare Setup process.

The domain that you added was purchased from a separate domain registrar; Cloudflare does not offer domain registration services. To verify and create DNS records for your domain in Office 365, you first need to change the nameservers at your domain registrar so that they use Cloudflare’s nameservers.

To change your domain’s name servers at your domain registrar’s website yourself, follow these steps:

  1. Find the area on the domain registrar’s website where you can edit the nameservers for your domain.

  2. Either create two nameserver records by using the values in the following table, or edit the existing nameserver records so that they match these values.

    First nameserver

    Use the nameserver value provided by Cloudflare.

    Second nameserver

    Use the nameserver value provided by Cloudflare.

    Tip: You should use at least two name server records. If there are any other name servers listed, you should delete them.

  3. Save your changes.

Note: Your nameserver record updates may take up to several hours to update across the Internet's DNS system. Then your Office 365 email and other services will be all set to work with your domain.

Add a TXT record for verification

Before you use your domain with Office 365, we have to make sure that you own it. Your ability to log in to your account at your domain registrar and create the DNS record proves to Office 365 that you own the domain.

Note:  This record is used only to verify that you own your domain; it doesn’t affect anything else. You can delete it later, if you like.

  1. To get started, go to your domains page at Cloudflare by using this link. You'll be prompted to log in first.

    Cloudflare-BP-Configure-1-1

  2. On the Overview page, in the Select Website area, choose the domain that you want to update.

    Cloudflare-BP-Configure-1-2

  3. On the Overview page for your domain, choose DNS.

    Cloudflare-BP-Configure-1-3

  4. In the DNS Records area, in the boxes for the new record, choose the values from the following table.

    (Select the Type and TTL values from the drop-down lists.)

    Type

    Name

    Automatic TTL

    TXT

    @

    30 minutes

    Cloudflare-BP-Verify-1-1

  5. Choose Click to configure.

    Cloudflare-BP-Verify-1-2

  6. On the Add Record: TXT content page, in the box for the new record, type or copy and paste the value from the following table.

    Content

    MS=msXXXXXXXX

    Note: This is an example. Use your specific Destination or Points to Address value here, from the table in Office 365.
    How do I find this?

    Cloudflare-BP-Verify-1-3

  7. Choose Save.

    Cloudflare-BP-Verify-1-4

  8. Choose Add Record.

    Cloudflare-BP-Verify-1-5

  9. Wait a few minutes before you continue, so that the record you just created can update across the Internet.

Now that you've added the record at your domain registrar's site, you'll go back to Office 365 and request Office 365 to look for the record.

When Office 365 finds the correct TXT record, your domain is verified.

  1. Go to the Domains page.

  2. On the Manage domains page, select the domain that you are verifying and then, in the Action column for that domain, choose Start setup.

    O365-BP-Verify-1-2

  3. On the Add this TXT record to show you own domain_name page, choose Okay, I've added the record.

    O365-BP-Verify-1-3

  4. Choose Next.

    O365-BP-Verify-1-4

Note:  Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you’re having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.

Back to top

Add an MX record so email for your domain will come to Office 365

  1. To get started, go to your domains page at Cloudflare by using this link. You'll be prompted to log in first.

    Cloudflare-BP-Configure-1-1

  2. On the Overview page, in the Select Website area, choose the domain that you want to update.

    Cloudflare-BP-Configure-1-2

  3. On the Overview page for your domain, choose DNS.

    Cloudflare-BP-Configure-1-3

  4. In the DNS Records area, in the boxes for the new record, choose the values from the following table.

    (Select the Type and TTL values from the drop-down lists.)

    Type

    Name

    Automatic TTL

    MX

    @

    30 minutes

    Cloudflare-BP-Configure-2-1

  5. Choose Click to configure.

    Cloudflare-BP-Configure-2-2

  6. On the Add Record: MX content page, in the boxes for the new record, type or copy and paste the values from the following table.

    Server

    Priority

    <domain-key>.mail.protection.outlook.com

    Note: Get your <domain-key> from your Office 365 portal account.
    How do I find this?

    10

    For more information about priority, see What is MX priority?

    Cloudflare-BP-Configure-2-3

  7. Choose Save .

    Cloudflare-BP-Configure-2-4

  8. Choose Add Record.

    Cloudflare-BP-Configure-2-5

  9. If there are any other MX records listed in the MX Records section, delete them by selecting the Delete (X) icon.

    Cloudflare-BP-Configure-2-6

  10. In the Confirm dialog box, choose OK to confirm your changes.

    Cloudflare-BP-Configure-2-7

Back to top

Add the four CNAME records that are required for Office 365

  1. To get started, go to your domains page at Cloudflare by using this link. You'll be prompted to log in first.

    Cloudflare-BP-Configure-1-1

  2. On the Overview page, in the Select Website area, choose the domain that you want to update.

    Cloudflare-BP-Configure-1-2

  3. On the Overview page for your domain, choose DNS.

    Cloudflare-BP-Configure-1-3

  4. Add the first of the four CNAME records.

    In the DNS Records area, in the boxes for the new record, type or copy and paste the values from the first row in the following table.

    (Select the Type and TTL values from the drop-down lists.)

    Type

    Name

    Domain name

    Automatic TTL

    CNAME

    autodiscover

    autodiscover.outlook.com

    30 minutes

    CNAME

    sip

    sipdir.online.lync.com

    30 minutes

    CNAME

    lyncdiscover

    webdir.online.lync.com

    30 minutes

    CNAME

    msoid

    clientconfig.microsoftonline-p.net

    30 minutes

    Cloudflare-BP-Configure-3-1

  5. Choose Add Record.

    Cloudflare-BP-Configure-3-2

  6. Add each of the other three CNAME records.

    In the DNS Records section, in the empty row, create a record by using the values from the next row in the table, and then again choose Add Record to complete that record.

    Repeat this process until you have created all four CNAME records.

  7. Important: If you have Mobile Device Management (MDM) for Office 365, then you must create two additional CNAME records. Follow the procedure that you used for the other four CNAME records, but supply the values from the following table.

    (If you do not have MDM, you can skip this step.)

    (Select the Type and TTL values from the drop-down lists.)

    Type

    Name

    Domain name

    CNAME

    enterpriseregistration

    enterpriseregistration.windows.net

    CNAME

    enterpriseenrollment

    enterpriseenrollment.manage.microsoft.com

Back to top

Add a TXT record for SPF to help prevent email spam

Important: You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Office 365. Instead, add the required Office 365 values to the current record so that you have a single SPF record that includes both sets of values. Need examples? Check out these details and sample SPF records. To validate your SPF record, you can use one of these SPF validation tools.

  1. To get started, go to your domains page at Cloudflare by using this link. You'll be prompted to log in first.

    Cloudflare-BP-Configure-1-1

  2. On the Overview page, in the Select Website area, choose the domain that you want to update.

    Cloudflare-BP-Configure-1-2

  3. On the Overview page for your domain, choose DNS.

    Cloudflare-BP-Configure-1-3

  4. In the DNS Records area, in the boxes for the new record, choose the values from the following table.

    (Select the Type and TTL values from the drop-down lists.)

    Type

    Name

    Automatic TTL

    TXT

    @

    30 minutes

    Cloudflare-BP-Configure-4-1

  5. Choose Click to configure.

    Cloudflare-BP-Configure-4-2

  6. On the Add Record: TXT content page, in the box for the new record, type or copy and paste the value from the following table.

    Content

    v=spf1 include:spf.protection.outlook.com -all

    Note: We recommend copying and pasting this entry, so that all of the spacing stays correct.

    Cloudflare-BP-Configure-4-3

  7. Choose Save Changes.

    Cloudflare-BP-Configure-4-4

  8. Choose Add Record.

    Cloudflare-BP-Configure-4-5

Back to top

Add the two SRV records that are required for Office 365

  1. To get started, go to your domains page at Cloudflare by using this link. You'll be prompted to log in first.

    Cloudflare-BP-Configure-1-1

  2. On the Overview page, in the Select Website area, choose the domain that you want to update.

    Cloudflare-BP-Configure-1-2

  3. On the Overview page for your domain, choose DNS.

    Cloudflare-BP-Configure-1-3

  4. Add the first of the two SRV records.

    In the DNS Records area, in the boxes for the new records, choose the values from the first row in the following table.

    Type

    TTL

    SRV

    30 minutes

    Cloudflare-BP-Configure-5-1

  5. Choose the first Click to configure box.

    Cloudflare-BP-Configure-5-2

  6. On the Add Record: SRV name page, in the boxes for the new record, type or copy and paste the values from the first row of the following table.

    Service name

    Protocol

    Name

    _sip

    TLS

    Use your domain_name, for example, contoso.com

    _sipfederationtls

    TCP

    Use your domain_name, for example, contoso.com

    Cloudflare-BP-Configure-5-3

  7. Choose Save.

    Cloudflare-BP-Configure-5-4

  8. On the Add Record: SRV content page, in the boxes for the new record, type or copy and paste the values from the first row of the following table.

    Priority

    Weight

    Port

    Target

    100

    1

    443

    sipdir.online.lync.com

    100

    1

    5061

    sipfed.online.lync.com

    Cloudflare-BP-Configure-5-5

  9. Choose Save.

    Cloudflare-BP-Configure-5-6

  10. Choose Add Record.

    Cloudflare-BP-Configure-5-7

  11. Add the other SRV record.

    In the DNS Records section, in the empty row, create the next record by copying and pasting the Service name, Protocol, and Name values from the second row of the table to the first screen, copying and pasting the Priority, Weight, Port, and Target values from the second row of the table to the next screen, and then again choosing Add Record to complete that record.

Note:  Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you’re having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.

Back to top

Still need help?

Get help from the Office 365 community forums Admins: Sign in and create a service request Admins: Call Support

Back to top

Share Facebook Facebook Twitter Twitter Email Email

Was this information helpful?

Great! Any other feedback?

How can we improve it?

Thank you for your feedback!

×