We are hosting on our Exchange 2019 on-premises server (latest CU) multiple tenants (accepted domains). We have a wildcard certificate for our main domain, but the certificate is not valid for accepted domains.
I understand with SRV records, we can avoid certificate warnings and smooth email setup with the Outlook 365 client.
Do we need to add the SRV record on each client's DNS zone file? Is it also required to add the same SRV record to the internal AD DNS? Anything else to consider?
Yes, you will need to configure _autodiscover._tcp.<fabrikam.com> for every non-cert domain, pointing it to autodiscover.<contoso.com> on port 443. Be advised not all clients honor SRV records. An alternative is to create a redirect (website on IIS, or balancer/ADC), with its own IP, have it listen on 80 and redirect all autodiscover.<fabrikam.com>/autodiscover to https://autodiscover.<contoso.com>/autodiscover. Publish this as autodiscoverredirect.<contoso.com> (A), and then set up each autodiscover.<fabrikam.com> as CNAME for autodiscoverredirect.<contoso.com>.
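
A way to check the records described in the answer above across many hosted domains, as an added example that is not part of the original post or any Exchange tooling. It accepts either option from the answer (SRV record or CNAME to the redirect site) and flags records that point anywhere else. Assumptions: BIND-style zone lines, constructed sample data, the hypothetical tenants tenant-b.example, tenant-c.example and tenant-d.example, and the answer's placeholder names contoso.com and fabrikam.com.

```python
# Added example: audit Autodiscover records for hosted domains (zone data is constructed).
SRV_TARGET = "autodiscover.contoso.com."            # name the certificate covers
CNAME_TARGET = "autodiscoverredirect.contoso.com."  # port-80 redirect site

# Constructed BIND-style lines; tenant-b/tenant-c are hypothetical misconfigured tenants.
SAMPLE_ZONE = """
_autodiscover._tcp.fabrikam.com.     3600 IN SRV   0 0 443 autodiscover.contoso.com.
autodiscover.fabrikam.com.           3600 IN CNAME autodiscoverredirect.contoso.com.
_autodiscover._tcp.tenant-b.example. 3600 IN SRV   0 0 80 autodiscover.contoso.com.
autodiscover.tenant-c.example.       3600 IN CNAME mail.tenant-c.example. ; not ours
"""

def parse_zone(text):
    """Map owner name -> (type, rdata fields) for SRV and CNAME lines."""
    records = {}
    for line in text.splitlines():
        f = line.split(";", 1)[0].split()          # drop comments, tokenize
        if len(f) >= 5 and f[2].upper() == "IN" and f[3].upper() in ("SRV", "CNAME"):
            records[f[0].lower()] = (f[3].upper(), f[4:])
    return records

def audit_domain(domain, records):
    """Return findings for one accepted domain; an empty list means it is correct."""
    srv = records.get(f"_autodiscover._tcp.{domain}.")
    cname = records.get(f"autodiscover.{domain}.")
    if srv is None and cname is None:
        return ["no Autodiscover SRV or CNAME record published"]
    findings = []
    if srv is not None:
        rdata = srv[1]
        if srv[0] != "SRV" or len(rdata) != 4:     # priority weight port target
            findings.append("malformed SRV record")
        else:
            port, target = rdata[2], rdata[3].lower()
            if port != "443":
                findings.append(f"SRV port is {port}, expected 443")
            if target != SRV_TARGET:
                findings.append(f"SRV target is {target}, expected {SRV_TARGET}")
    if cname is not None and (cname[0] != "CNAME" or cname[1][0].lower() != CNAME_TARGET):
        findings.append(f"autodiscover CNAME is {cname[1][0]}, expected {CNAME_TARGET}")
    return findings

if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE)
    for d in ("fabrikam.com", "tenant-b.example", "tenant-c.example", "tenant-d.example"):
        print(d, audit_domain(d, recs) or "OK")
```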