10 minute Fix, Really Why Not Publish Info in Plain Terms?
Overview
In all the documentation provided on this subject, I couldn’t find simple wording applying to Multiple Customers (Our company also). Scenario for Tenants addressed below:
• MS 365 is managing the DNS, aka Managed at Microsoft 365 - Default domain
This can be misleading. When DNS shows “All Good” on MS365, that status does not reflect any incorrect settings at the registrar.
• We Manage the DNS for Our Customers (Have Admin Privileges in Registrar site)
• We have Global Admin users in each Tenant.
Most would assume that if MS 365 is managing the DNS (aka Managed at Microsoft 365) and, during domain setup or post-setup on MS365, you had checked “Set up my online services for me”, then all settings were correct. Not so.
After reading through possibly hundreds of references, that leave most knowing less than when they started, I found 1 vague reference to the problem. A Tip.
There are no admin portals or PowerShell cmdlets in Microsoft 365 for you to manage SPF records in your domain. Instead, you create the SPF TXT record at your domain registrar or DNS hosting service (often the same company).
A 10-minute “Fix” may have stated (along with the screen prints provided below; no pics uploaded):
1. Determine what needs to be changed (screen print below shows what to look for).
2. Log in to the registrar as admin. Reset the name servers to the registrar's defaults, or revoke the 4x ns*.bdm.microsoftonline.com name servers.
3. Enter the correct DNS info.
4. Remove incorrect or stale data, including the original proof of domain ownership TXT record for Microsoft 365, generated by Microsoft during initial setup at many domain registrars: @ MS=ms######## TTL: 3600
   a. One SPF record per domain or subdomain. Multiple SPF TXT records for the same domain or subdomain cause a DNS lookup loop that makes SPF fail, so use only one SPF record per domain or subdomain.
5. Change DNS back to the MS365 4x ns*.bdm.microsoftonline.com name servers.
Of course, there are multiple other DNS records that can be configured (Skype, Mobility, etc.).
For most Tenants, if the below 3 Exchange items are correct, you did a 10-minute “Fix”.
Additional diagnostics
To check if you're impacted by this event, admins can use
https://aka.ms/diagdkim to confirm that your email authentication records are valid. Or, from Admin Landing page, click help, type dkim to run test.
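A local check for the conditions in steps 2, 4 and 5 above, run over TXT and NS values copied from a DNS lookup, as an added example that is not part of the original post or Microsoft's tooling. The function name, finding codes and sample records are constructed for illustration; `include:spf.protection.outlook.com` is assumed as the Exchange Online SPF include and does not appear on the page.

```python
import re

# Ownership-proof TXT value in the form the post shows (MS=ms########).
MS_PROOF = re.compile(r"^MS=ms\d+$", re.IGNORECASE)
M365_NS_SUFFIX = ".bdm.microsoftonline.com"  # name servers named in steps 2 and 5


def audit_domain(txt_records, name_servers):
    """Return a sorted list of finding codes for one domain's apex TXT and NS data."""
    findings = set()
    # DNS tools usually print TXT values wrapped in double quotes; strip them.
    txt = [r.strip().strip('"').strip() for r in txt_records]

    # Step 4a: exactly one SPF record per domain or subdomain.
    spf = [r for r in txt if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        findings.add("SPF_MISSING")
    elif len(spf) > 1:
        findings.add("SPF_MULTIPLE")

    # Step 4: the original Microsoft 365 ownership-proof record is still published.
    if any(MS_PROOF.match(r) for r in txt):
        findings.add("STALE_MS_PROOF")

    # Step 5: delegation should be the four ns*.bdm.microsoftonline.com servers only.
    ns = {n.strip().rstrip(".").lower() for n in name_servers}
    m365 = {n for n in ns if re.fullmatch(r"ns\d+" + re.escape(M365_NS_SUFFIX), n)}
    if ns != m365:
        findings.add("NS_MIXED" if m365 else "NS_NOT_M365")
    elif len(m365) != 4:
        findings.add("NS_COUNT")
    return sorted(findings)


# Constructed sample data (placeholder names, not taken from the post).
BROKEN_TXT = ['"v=spf1 include:spf.protection.outlook.com -all"',
              '"v=spf1 include:mail.example.net ~all"',
              '"MS=ms12345678"']
BROKEN_NS = ["ns1.bdm.microsoftonline.com.", "ns2.bdm.microsoftonline.com.",
             "ns1.registrar.example."]
FIXED_TXT = ['"v=spf1 include:spf.protection.outlook.com -all"']
FIXED_NS = [f"ns{i}.bdm.microsoftonline.com." for i in range(1, 5)]

if __name__ == "__main__":
    print("before:", audit_domain(BROKEN_TXT, BROKEN_NS))
    print("after: ", audit_domain(FIXED_TXT, FIXED_NS))
```

An empty result means the domain passes these three checks only; it says nothing about DKIM, MX or the other records the post mentions.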
Set up SPF to identify valid email sources for your Microsoft 365 domain
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-sp...
Set up DKIM to sign mail from your Microsoft 365 domain
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-dk...
Add DNS records to connect your domain
https://learn.microsoft.com/en-us/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider?view=o365-worldwide
From the above landing page, the instructions for the different providers are listed below.
To learn how to verify your domain with Microsoft by adding a TXT record, and how to connect to Microsoft services by adding DNS records, see:
• Connect your DNS records at IONOS by 1&1 to Microsoft 365
• Connect your DNS records at 123-reg.co.uk to Microsoft 365
• Connect your DNS records at Amazon Web Services (AWS) to Microsoft 365
• Connect your DNS records at Cloudflare to Microsoft 365
• Connect your DNS records at GoDaddy to Microsoft 365
• Connect your DNS records at Namecheap to Microsoft 365
• Connect your DNS records at Network Solutions to Microsoft 365
• Connect your DNS records at OVH to Microsoft 365
• Connect your DNS records at web.com to Microsoft 365
• Connect your DNS records at Wix to Microsoft 365
• Create DNS records for Microsoft using Windows-based DNS