In the cybersecurity and information technology industry, Cloudflare is known as a Content Delivery Network (CDN) service that provides numerous internet server protections. The CDN acts as both an internet-facing proxy server and a firewall, allowing organizations to shield their website's actual IP addresses from the public internet and from web application attacks such as DDoS and brute forcing.
When an Office365 business account is created, it becomes difficult for Microsoft to automatically configure your domain records (MX and TXT) if your website is behind a CDN.
This is due to a myriad of reasons such as:
- The domain records and services are provided by your hosting company.
- The IP address provided by Cloudflare serves as a proxy server, and is not the actual server preconfigured by your hosting company or domain registrar.
- This proxy server (CDN), which shields your actual hosting company IP for your domain records, only serves as protection and does not hold the actual domain configuration.
- Each time your proxy server IP address is visited, it calls the website IP address (which is now private) associated with that proxy server IP address.
- That IP address then sends the requested information back to the proxy server (in this case the CDN), and the user is presented with the resources. Familiar with caching? Yes, a CDN can also cache web content.
- It becomes even more complex when the domain registrar is different from the hosting provider. This complicates the chain of communication to the name servers assigned by the domain registrar, before hitting the proxy server and fetching the content.
- Because of the way Microsoft365 communicates with domain name providers such as GoDaddy to integrate your domain settings, the chain of communication illustrated above makes it difficult for the MX and TXT records to be auto-configured. This is a result of the domain residing behind a CDN, as the nameservers are not communicated with directly.
- Therefore, when Microsoft auto-detects your configuration, it sees the CDN (in this case Cloudflare) as your domain registrar.
BOT Protection Issues:
In addition to the points listed above, the sophisticated bot protection and enhanced security provided by Cloudflare serve as a barrier to the autoconfiguration of your organization’s domain name by Office365.
This inability of Office365 to auto-configure these records can make it challenging to set up the organization's custom domain as a means of logging in or accessing the Office365 administrative panel, also known as the admin dashboard. Faced with this difficulty, inexperienced security administrators could find themselves temporarily switching off their CDN provider to enable autoconfiguration of the domain records by Office365.
If the proxy server (CDN) is temporarily switched off, Microsoft Office365 is then able to reach the nameservers holding these domain records without going through a proxy server or any other CDN service.
BUT THERE IS A SECURITY IMPACT…?
Temporarily switching off the CDN will result in Wayback machines storing data about whois records queried within the time frame the CDN was disabled, thereby leaving traces and information about your hosting on the internet in the Wayback information. As a web security expert or administrator, you don’t want that to happen.
So, in the event that your organization's domain is registered and you wish to integrate it into Office365 for Business, how do you go about this without temporarily switching off your CDN configuration?
To achieve the custom domain configuration, the following steps are to be taken:
STEP1: Accessing the Admin Portal with Default Domain.
The user first has to log in with the default domain name they were assigned when they paid for the Microsoft365 for Business subscription. Upon successful login, the administrator should be able to see their default portal dashboard. Click on “My Account Portal” to access the administrative portal of Microsoft Cloud. (see image below).
STEP2: Accessing the Admin Menu.
Once you have access to the administrative portal, click on the “Pixilated Icon” at the top left to reveal the “Side Menu”. When the side menu is revealed, click on “Admin” to access the admin section or dashboard.
STEP3: Viewing All Admin Settings by Clicking Show All.
The administrator will be welcomed with a dashboard notification asking them to select the purpose for which they intend to use Microsoft for Business. Select whichever “goals” match the intended purpose for your business, save them, and then click on the “SHOW ALL” menu.
STEP4: Accessing Domain Configuration by Clicking “Settings”.
Next, expand the “SETTINGS” menu to access more configuration settings, which include “DOMAINS”, then click on “ADD DOMAINS” and type your organization's domain. If the domain is valid, you should see a checkmark on the “DOMAIN name”. Microsoft will then ask you to verify that the domain actually belongs to you. As you can see from the image, it auto-detects that Cloudflare is our “Domain Host” and requests a sign-in and authorization to verify the domain name. At the bottom of the image, click on “verify” (see image below).
Ignore the “More options” menu for now; we will be explaining this in the next step.
STEP5: Autoconfiguration Declined by Cloudflare.
The login screen for Cloudflare will pop up for the user to log in for verification. The administrator will need to provide their Cloudflare credentials to log in. However, because Cloudflare serves as a proxy server and not the actual hosting, the auto-verification will not succeed, resulting in a “404-error” page. (see image below).
STEP6: Select Add A Verification Record.
The user will be returned to the verification process. Now click the “More options” menu that we described in “STEP4”. This enables the web security expert or administrator to copy the “TXT and MX” records provided and manually integrate the configuration into Cloudflare.
In order for the “TXT and MX” records to be revealed, select “Add a verification record”, and then click the “continue” button. (see image below).
STEP7: Accessing The DNS Records Menu.
Manually log in to Cloudflare, head to the “DNS” menu, and click on “Records”. All previous DNS records pulled from your nameservers and hosting configuration will be displayed. (see image below).
STEP8: Clicking the Add Record Button.
Click on the “Add record” button to add the Microsoft365 records to the administrative panel. (see image below).
STEP9: Copying the TXT Record.
Head back to the Microsoft Office365 dashboard and obtain the “TXT record” configuration, then head over to Cloudflare and add the record. Then save it. (see image below).
STEP10: Copying The MX Record.
Head back to the Microsoft Office365 dashboard and obtain the “MX record” configuration, then head over to Cloudflare and add the record. Then save it. (see image below).
NOTE:
The reason both the “TXT and MX” records are integrated is to ensure that when Office365 for Business tries to communicate with the CDN, in the event of a failed “TXT” record, the “MX” record serves as a fallback to ping back to the Microsoft365 API that calls for the domain verification, and vice versa.
STEP11: Confirming The Record Configuration in Cloudflare.
Confirm that the records have been integrated into Cloudflare; the dashboard should appear as shown below. (see image below).
STEP12: Verifying Your Domain From Office365 Dashboard.
Head back to the Microsoft Office365 administrator dashboard and, at the bottom of the page, click the “Verify” button. (see image below).
STEP13: Microsoft Office365 Processing Domain Name Verification.
The Microsoft Office365 for Business administrator should see the loading dashboard shown below while it tries to verify the domain name. (see image below).
STEP14: Setting Up New Custom Email Address With New Domain Name.
Upon verification, the dashboard should move on to the next stage, which is to load the existing domain name configuration. Since no domain name has been configured yet, the default organization domain name assigned by Microsoft during registration will be the default email record displayed. (see images below).
STEP15: Adding The New Email Address.
Next, enter your organization's email address. This will be the new email address used to log in to Microsoft365 for Business for your organization (see image below).
STEP16: Updating The New Email Address And Sign-out.
After configuring the email address, click “Update and Sign Out”. (see image below).
NOTE:
The existing passkey that was configured using the default domain name from Microsoft is the same passkey that will be used for the new domain name during the login verification process.
STEP17: Sign In With The New Domain Email Address.
Then use the newly created domain email to sign in to your Microsoft Office365 for Business. (see image below).
STEP18: Providing Email Password For New Domain Email Registered.
Next, provide your password, which is the same as the password of the personal email address used in signing up for Office365 for Business. (see image below).
STEP19: Approve Signing Request Via Passkey Authentication App.
You will be prompted to paste the passkey authorization code. Type the authorization code in the Microsoft Authentication app used in setting up the passkeys. (see image below).
STEP20: New Custom Domain Email Signs In.
Upon successful login, Microsoft will prompt you with a question regarding the number of times you sign in. Select what resonates with you, and you should be redirected to your Microsoft Office365 administrator Cloud Dashboard. (see image below).
And that is how you verify your organization's domain in Microsoft Office365 via Cloudflare, by manually integrating its “MX and TXT” records into Cloudflare using the settings provided by Office365.
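One way to double-check STEP11 before clicking “Verify” in STEP12, as an added example that is not part of the original article: the script below reads a BIND-format text export of the zone and confirms that the TXT and MX values copied from Office365 sit on the domain itself. It assumes such an export is available; `ZONE_EXPORT`, `parse_zone`, `check_verification`, the domain and both record values are hypothetical placeholders.

```python
import re

# Constructed sample in BIND zone-file format. The domain, token and MX host are
# placeholders; substitute the exact values the Office365 wizard displays.
ZONE_EXPORT = """\
;; constructed sample zone for example.com
example.com.      1    IN A     192.0.2.10
www.example.com.  1    IN CNAME example.com.
example.com.      3600 IN TXT   "token-shown-by-wizard"
example.com.      3600 IN MX    0 mx-host-shown-by-wizard.example.net.
"""

RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+(TXT|MX)\s+(.+)$")

def parse_zone(text):
    """Return {(owner_name, type): [rdata, ...]} for the TXT and MX records."""
    records = {}
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # comments, blank lines and other record types
        name, rtype, rdata = m.groups()
        if rtype == "TXT":
            # Join the quoted character-strings of the TXT rdata.
            rdata = "".join(re.findall(r'"([^"]*)"', rdata))
        else:
            # MX rdata is "<priority> <host>"; keep only the normalised host.
            rdata = rdata.split()[1].rstrip(".").lower()
        records.setdefault((name.rstrip(".").lower(), rtype), []).append(rdata)
    return records

def check_verification(zone_text, domain, txt_value, mx_host):
    """Report whether each expected record sits on the domain itself."""
    recs = parse_zone(zone_text)
    domain = domain.rstrip(".").lower()
    # Assumption: some DNS editors append the zone to a name typed in full,
    # which leaves the record on "example.com.example.com" instead.
    doubled = f"{domain}.{domain}"
    return {
        "TXT": txt_value in recs.get((domain, "TXT"), []),
        "MX": mx_host.rstrip(".").lower() in recs.get((domain, "MX"), []),
        "misplaced": sorted(t for (n, t) in recs if n == doubled),
    }

if __name__ == "__main__":
    print(check_verification(ZONE_EXPORT, "example.com",
                             "token-shown-by-wizard",
                             "mx-host-shown-by-wizard.example.net"))
```

A `False` for either record, or a non-empty `misplaced` list, means the entry was saved under the wrong name or with a different value than the one Office365 displayed.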
Thanks for the read…