Office 365 Domain Setup: Integrate MX and TXT Records with Cloudflare.

In the cybersecurity and information technology industry, Cloudflare is known as a Content Delivery Network (CDN) service that provides numerous protections for internet-facing servers. The CDN acts as both an internet-facing proxy server and a firewall, allowing organizations to shield their websites' actual IP addresses from the public internet and from web application attacks such as DDoS and brute forcing.

When an Office 365 business account is created, it becomes difficult for Microsoft to automatically configure your domain records (MX and TXT) if your website is behind a CDN.

This is due to a myriad of reasons such as:

  1. The domain records and services are provided by your hosting company.
  2. The IP address provided by Cloudflare serves as a proxy server and is not the actual server preconfigured by your hosting company or domain registrar.
  3. This proxy server (CDN), which shields your actual hosting company IP for your domain records, only serves as protection and does not hold the actual domain configuration.
  4. Each time your proxy server IP address is visited, it calls the website IP address (which is now private) associated with that proxy server IP address.
  5. That IP address then sends the requested information back to the proxy server (in this case the CDN), and the user is presented with the resources. Familiar with caching? Yes, a CDN can also cache web content.
  6. It becomes even more complex when the domain registrar is different from the hosting provider. This complicates the chain of communication to the name servers assigned by the domain registrar, before hitting the proxy server and fetching the content.
  7. Because of how Microsoft 365 communicates with domain name providers such as GoDaddy to integrate your domain settings, the chain of communication described above makes it difficult for the MX and TXT records to be auto-configured. This is a result of the domain residing behind a CDN, as the nameservers are not directly communicated with.
  8. Therefore, when Microsoft auto-detects your configuration, it sees the CDN (in this case Cloudflare) as your domain registrar.

BOT Protection Issues:

In addition to the points listed above, the sophistication of the bot protection and enhanced security provided by Cloudflare serves as a barrier to autoconfiguration of your organization’s domain name by Office 365.

This inability of Office 365 to auto-configure these records can pose a challenge when configuring the organization's custom domain as a means of logging in or accessing the Office 365 administrative panel, also known as the admin dashboard. Faced with this difficulty, inexperienced security administrators could find themselves temporarily switching off their CDN provider to enable autoconfiguration of the domain records by Office 365.

If the proxy server (CDN) is temporarily switched off, Microsoft Office 365 is then able to reach the nameservers for these domain records without going through a proxy server or any other CDN service.

BUT THERE IS A SECURITY IMPACT…?

Temporarily switching off the CDN will result in wayback machines storing data about WHOIS records queried within the time frame the CDN was disabled, thereby leaving traces and information about your hosting on the internet in the Wayback information. As a web security expert or administrator, you don’t want that to happen.

So, in the event that your organization's domain is registered and you wish to integrate it into Office 365 for Business, how do you go about this without temporarily switching off your CDN configuration?

To achieve the custom domain configuration, the following steps are to be taken:

  • STEP1: Accessing the Admin Portal with the Default Domain.

    The user first has to log in with the default domain name assigned to them when they paid for the Microsoft 365 for Business subscription. Upon successful login, the administrator should see their default portal dashboard. Click “My Account Portal” to access the administrative portal of Microsoft Cloud (see image below).

[Image: The Administrator Portal. Image-source: Fixitgearware]

  • STEP2: Accessing the Admin Menu.

    Upon accessing the administrative portal, click the “Pixelated Icon” at the top left to reveal the “Side Menu”. When the side menu is revealed, click “Admin” to access the admin section or dashboard.

[Image: Accessing the “Admin” requires clicking the pixelated icon at the top left of the admin dashboard. Image-source: Fixitgearware]

  • STEP3: Viewing All Admin Settings by Clicking Show All.

    The administrator is welcomed with a dashboard notification asking them to select the purpose for which they intend to use Microsoft for Business. Select whichever “goals” match the intended purpose for your business, save, and then click the “SHOW ALL” menu.

[Image: To be able to see more options, click “Show all”. Image-source: Fixitgearware]

  • STEP4: Accessing Domain Configuration by Clicking “Settings”.

Next, expand the “SETTINGS” menu to access more configuration settings, including “DOMAINS”, then click “ADD DOMAINS” and type your organization's domain. If the domain is valid, you should see a checkmark on the “DOMAIN name”. Microsoft will then ask you to verify that the domain actually belongs to you. As you can see from the image, it auto-detects Cloudflare as our “Domain Host” and requests a sign-in and authorization to verify the domain name. At the bottom of the image, click “verify” (see image below).

[Image: Click on “Domains” to be able to set up your organization's domain. Image-source: Fixitgearware]

Ignore the “More options” menu for now; we will explain it in the next step.

  • STEP5: Autoconfiguration Declined by Cloudflare.

The Cloudflare login screen will pop up for the user to log in for verification. The administrator will need to provide their Cloudflare credentials to log in. However, because Cloudflare serves as a proxy server and not the actual hosting, the auto-verification will not succeed, resulting in a “404-error” page (see image below).

[Image: The web security administrator would experience a 404 when they “Login”. Image-source: Fixitgearware]

  • STEP6: Select Add A Verification Record.

The user is returned to the verification process. Now click “More options”, which we mentioned in “STEP4” as being used in a later step. This enables the web security expert or administrator to copy the “TXT and MX” records provided and manually integrate the configuration into Cloudflare.

In order for the “TXT and MX” records to be revealed, select “Add a verification record” and then click the “continue” button (see image below).

[Image: The administrator needs to select “Add a verification record”. Image-source: Fixitgearware]

  • STEP7: Accessing The DNS Records Menu.

Manually log in to Cloudflare, head to the “DNS” menu, and click “Records”. All previous DNS records pulled from your nameservers and hosting configuration will be displayed (see image below).

[Image: Domain records need to be manually integrated into Cloudflare. Image-source: Fixitgearware]

  • STEP8: Clicking the Add Record Button.

Click the “Add record” button to add the Microsoft 365 records to the administrative panel (see image below).

[Image: Click on the “Add Record” button to add new records. Image-source: Fixitgearware]

  • STEP9: Copying the TXT Record.

Head back to the Microsoft Office 365 dashboard and obtain the “TXT record” configuration, then head to Cloudflare and add the record. Then save it (see image below).

[Image: Copy the TXT records and manually integrate them into Cloudflare. Image-source: Fixitgearware]

  • STEP10: Copying The MX Record.

Head back to the Microsoft Office 365 dashboard and obtain the “MX record” configuration, then head to Cloudflare and add the record. Then save it (see image below).

[Image: Copy the MX records and manually integrate them into Cloudflare. Image-source: Fixitgearware]

NOTE:

The reason both the “TXT and MX” records are integrated is to ensure that when Office 365 for Business tries to communicate with the CDN, in the eventuality of a failed “TXT” record, the “MX” record serves as a fallback to ping back to the Microsoft 365 API that calls for the domain verification, and vice versa.

  • STEP11: Confirming The Record Configuration in Cloudflare.

Confirm that the records have been integrated into Cloudflare. The dashboard should appear as shown below (see image below).

[Image: Confirming the Office 365 domain verification records have been integrated. Image-source: Fixitgearware]

  • STEP12: Verifying Your Domain From Office365 Dashboard.

Head back to the Microsoft Office 365 administrator dashboard and, at the bottom of the page, click the “Verify” button (see image below).

[Image: Microsoft needs to make an API call to the proxy server (CDN) to verify ownership. Image-source: Fixitgearware]

  • STEP13: Microsoft Office365 Processing Domain Name Verification.

The Microsoft Office 365 for Business administrator should see the loading dashboard shown below while it tries to verify the domain name (see image below).

[Image: The loading dashboard signifies Microsoft trying to make an API call to verify the domain name ownership. Image-source: Fixitgearware]

  • STEP14: Setting Up New Custom Email Address With New Domain Name.

Upon verification, the dashboard moves on to the next stage, which is to load the existing domain name configuration. Since no domain name is configured yet, the default organization domain name assigned by Microsoft during registration will be the default email record displayed (see images below).

[Image: Microsoft will try loading existing email configurations, if there are any. Image-source: Fixitgearware]

  • STEP15: Adding The New Email Address.

Next, enter your organization's email address. This will be the new email address used to log in to Microsoft 365 for Business for your organization (see image below).

[Image: The web security administrator then needs to provide the organization's custom email address. Image-source: Fixitgearware]

  • STEP16: Updating The New Email Address And Sign-out.

Upon configuring the email address, click “Update and Sign Out” (see image below).

[Image: The web security administrator can then save the new settings and sign out. Image-source: Fixitgearware]

NOTE:

The existing passkey that was configured with the default domain name by Microsoft is the same passkey that will be used for the new domain name during the login verification process.

  • STEP17: Sign In With The New Domain Email Address.

Then use the newly created domain email to sign in to your Microsoft Office 365 for Business (see image below).

[Image: The administrator can then log in with the new custom domain. Image-source: Fixitgearware]

  • STEP18: Providing Email Password For New Domain Email Registered.

Next, provide your password, which is the same as the password of the personal email address used when signing up for Office 365 for Business (see image below).

[Image: The password remains the same for logging in. Image-source: Fixitgearware]

  • STEP19: Approve Signing Request Via Passkey Authentication App.

You will be prompted to paste the passkey authorization code. Type the authorization code in the Microsoft Authentication app used in setting up the passkeys (see image below).

[Image: The administrator needs to provide the passkey authentication code, which is the same as for previous logins. Image-source: Fixitgearware]

  • STEP20: New Custom Domain Email Signs In.

Upon successful login, Microsoft will prompt you with a question regarding the number of times you sign in. Select what resonates with you, and you should be redirected to your Microsoft Office 365 administrator cloud dashboard (see image below).

[Image: The administrator can decide whether they want to be reminded each time they log in. Image-source: Fixitgearware]

 

And that is how you verify your organization's domain in Microsoft Office 365 via Cloudflare, by manually integrating its “MX and TXT” records into Cloudflare using the settings provided by Office 365.
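
A check that fits between STEP11 and STEP12, added here as an example (it is not code from the original article, Microsoft or Cloudflare): it confirms that the TXT and MX verification records are publicly resolvable before you click “Verify”, with the CDN left switched on. The record values, the `example.com` domain and all function names are assumptions, and the sample answers are constructed.

```python
import shutil
import subprocess

# Constructed placeholders: copy the real values from the Microsoft 365 wizard (STEP9, STEP10).
EXPECTED_TXT = "MS=ms00000000"
EXPECTED_MX = "verification-placeholder.example.invalid"

def txt_value(answer):
    """dig prints TXT data as quoted chunks ("abc" "def"); join them into one string."""
    chunks = answer.strip().split('"')[1::2]
    return "".join(chunks) if chunks else answer.strip()

def mx_host(answer):
    """'0 Host.Example.' -> 'host.example' (drop priority, trailing dot and case)."""
    parts = answer.split()
    return parts[-1].rstrip(".").lower() if parts else ""

def check_records(txt_answers, mx_answers,
                  expected_txt=EXPECTED_TXT, expected_mx=EXPECTED_MX):
    """Report which of the two verification records appear in the DNS answers."""
    txt_seen = {txt_value(a) for a in txt_answers if a.strip()}
    mx_seen = {mx_host(a) for a in mx_answers if a.strip()}
    return {"txt": expected_txt in txt_seen,
            "mx": expected_mx.rstrip(".").lower() in mx_seen}

def dig_short(domain, rtype, resolver="1.1.1.1"):
    """Ask a public resolver with dig; returns one answer string per line."""
    if shutil.which("dig") is None:
        raise RuntimeError("dig is not installed")
    out = subprocess.run(["dig", "+short", rtype, domain, "@" + resolver],
                         capture_output=True, text=True, timeout=15, check=True)
    return out.stdout.splitlines()

# Constructed sample answers in `dig +short` format (not real lookups).
SAMPLE_TXT = ['"v=spf1 include:spf.example.net -all"', '"MS=ms" "00000000"']
SAMPLE_MX = ["0 Verification-Placeholder.Example.Invalid."]

if __name__ == "__main__":
    print("sample:", check_records(SAMPLE_TXT, SAMPLE_MX))
    # Live check once the records are saved in Cloudflare (replace example.com):
    # print(check_records(dig_short("example.com", "TXT"),
    #                     dig_short("example.com", "MX")))
```

If either entry comes back `False` on the live check, the record has not yet propagated or was mistyped in Cloudflare, so clicking “Verify” in Office 365 would fail.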

Thanks for the read…
