Office 365 DNS settings in a hybrid environment

The Office 365 Admin Center does a great job of helping administrators determine the DNS settings that are required to use a domain with Office 365; however it’s far from perfect. One particular case when it doesn’t help much at all is if you have hybrid components – for example Exchange Hybrid or Lync/Skype for Business Hybrid (split domain). In scenarios such as this, you might not want the entries that Office 365 suggests, for example:

  • Exchange autodiscover must be defined with CNAME records in a hybrid environment – the use of SRV records is not supported.
  • The CNAME record to repoint autodiscover.domainname.tld to autodiscover.outlook.com is not required in an Exchange hybrid environment (it is only used for Exchange Online).
  • If mailflow is via the on-premises infrastructure (centralised routing), the SPF records for the Office 365 servers (v=spf1 include:spf.protection.outlook.com -all) are not required. In addition, no new MX records are required.
  • In a Lync/Skype for Business hybrid (split domain) environment the _sipfederationtls._tcp. domainname.tld and _sip._tls.domainname.tld SRV records should point to the on-premises access proxy and not to sipdir.online.lync.com as they would for a Skype for Business online implementation. sip, lync, lyncdiscover and lsweb entries will also remain pointing to the on-premises infrastructure.

Office 365 - disable DNS record checks for a domainUnfortunately, without these settings in place, Office 365 will continue to alert that there are issues with domains that may cause “possible service issues”. To prevent this, navigate to the domains section of the Office 365 Admin Center and click fix issues next to one of the domains that is reporting problems. Then, on the right-hand side of the page, click the checkbox next to “Don’t check this domain for incorrect DNS records”. Once this is set, Office 365 should stop alerting for domain issues.

Also, be aware that DNS tests at the Microsoft remote connectivity analyzer and also some of the Office 365 Health, Readiness and Connectivity checks, may appear to fail in a hybrid environment.

Leave a Reply