EOP Field Notes

Exchange Online Protection: Notes from the field

One MX to Rule Them All


Before I start I would like to call out that I think this is the best blog title that I have come up with to date. Surprisingly, or maybe not, I thought of this title and article while I was playing Ultimate Frisbee. My mind was obviously not in the game, and we did lose... anyways, let’s move on and figure out what I’m talking about with the title.

When your domains are added to Office 365 you will be presented with the MX record that will need to be set for them in DNS. Each domain will be given a slightly different and unique MX record. For example, if we added contoso.com to our tenant, Office 365 would probably (but not necessarily) give us the following MX record to add to the DNS for this domain.

contoso-com.mail.protection.outlook.com

Now let’s consider the situation where a lot of domains have been added to Office 365. Again, each of these domains will have been given a unique MX record by Office 365. You can get these unique records either one at a time through the Office 365 Portal, or you can pull them all at once using PowerShell. Once you have obtained all the unique MX records, you then will need to set each in DNS and hope you don’t make a typo.

To make things easier, you can use a single MX record for every single one of the domains that you have added to your Office 365 tenant! Great!!

Now, what is this one MX to rule them all? It can actually be the MX that is provided for any one of your domains. Continuing on with my above example, I have my Office 365 tenant and I have added both contoso.com and tailspintoys.com. Office 365 has indicated that the MX for contoso.com should be set to the following.

contoso-com.mail.protection.outlook.com

I can use this MX record for tailspintoys.com, even though Office 365 will have provided this domain its own unique MX record. Any additional domains I add to my tenant can also be configured with this same MX record.

The important part is that you are using a single Office 365 tenant. The MX record that you obtain needs to be from a domain that is in the same Office 365 tenant as all the other domains that will use this same MX.

Warning

In the above example, if you ever remove contoso.com from your tenant, the contoso-com.mail.protection.outlook.com MX record will stop working. So, if you want to use one MX for all your domains, use the MX from a domain that you will never delete from your tenant. Or better yet, use the MX from your default <InsertName>.onmicrosoft.com domain.

With the example above, the default domain was contoso.onmicrosoft.com. Perform an MX lookup on this and it currently returns the following.

contoso.mail.protection.outlook.com

This FQDN, contoso.mail.protection.outlook.com, can be used as the MX record for every domain that is added to this Office 365 tenant. If this tenant also has an on-premises mail environment that is smart hosting outbound mail to EOP, this same FQDN can be used as the smart host.
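The following is an added example, not part of the original post: a PowerShell check that every domain in the tenant publishes the one shared MX, and that flags domains still pointing at a different EOP host (such as one derived from a custom domain that could later be removed). The function name `Test-SharedMx`, its status labels, and the sample lookup table are assumptions made for illustration; `Resolve-DnsName` is the standard Windows DnsClient cmdlet.

```powershell
# Added example: audit that each domain's MX is the tenant's single shared EOP host.
# Test-SharedMx and its status labels are hypothetical names, not Microsoft cmdlets.
function Test-SharedMx {
    param(
        [Parameter(Mandatory)] [string[]] $Domain,
        [Parameter(Mandatory)] [string]   $ExpectedMx,
        # The lookup is injectable so the check can run on captured data;
        # the default performs a live MX query with Resolve-DnsName.
        [scriptblock] $Lookup = {
            param($Name)
            Resolve-DnsName -Name $Name -Type MX -ErrorAction SilentlyContinue |
                Where-Object { $_.NameExchange } |
                ForEach-Object { $_.NameExchange }
        }
    )
    $expected = $ExpectedMx.TrimEnd('.').ToLowerInvariant()
    foreach ($d in $Domain) {
        # Normalise each MX target: drop any trailing dot, compare case-insensitively.
        $mx = @(& $Lookup $d | ForEach-Object { $_.TrimEnd('.').ToLowerInvariant() })
        $status = if ($mx.Count -eq 0) { 'NoMx' }
            elseif ($mx.Count -eq 1 -and $mx[0] -eq $expected) { 'Ok' }
            elseif ($mx -contains $expected) { 'ExtraMx' }
            elseif ($mx | Where-Object { $_ -like '*.mail.protection.outlook.com' }) { 'OtherEopHost' }
            else { 'NotEop' }
        [pscustomobject]@{ Domain = $d; Mx = ($mx -join ','); Status = $status }
    }
}

# Constructed sample data using the article's example tenant (not real DNS answers).
$sample = @{
    'contoso.com'      = 'contoso.mail.protection.outlook.com'
    'tailspintoys.com' = 'contoso-com.mail.protection.outlook.com'
    'example.org'      = @()
}
$domains = 'contoso.com', 'tailspintoys.com', 'example.org'

# Offline run against the sample table; omit -Lookup to query live DNS instead.
Test-SharedMx -Domain $domains -ExpectedMx 'contoso.mail.protection.outlook.com' `
    -Lookup { param($n) $sample[$n] } | Format-Table -AutoSize
```

A domain reported as `OtherEopHost` still receives mail today, but it depends on a host name that disappears if the domain it was derived from is removed from the tenant.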

Comments
  • Thanks
    How do you technically do this?
    You just change the MX for each domain to be that one that you want?

  • That's correct. Going with the recommendation above, perform an MX lookup on your .onmicrosoft.com domain. For example, for contoso.onmicrosoft.com this returns contoso.mail.protection.outlook.com. Now, for all of the domains that are added to this example tenant, contoso.mail.protection.outlook.com can be set for each of their MX records.

  • Thanks

  • How do you pull all the MX records at once with PowerShell?
