Outlook 365 Business




If you purchased a domain from a third-party hosting provider, you can connect it to Microsoft 365 by updating the DNS records in your registrar’s account.

At the end of these steps, your domain will stay registered with the host that you purchased the domain from, but Microsoft 365 can use it for your email addresses (like user@yourdomain.com) and other services.

If you don't add a domain, people in your organization will use the onmicrosoft.com domain for their email addresses until you do. It's important to add your domain before you add users, so you don't have to set them up twice.


Check the Domains FAQ if you don't find what you're looking for below.


Step 1: Add a TXT or MX record to verify you own the domain

Recommended: Verify with a TXT record

First, you need to prove you own the domain you want to add to Microsoft 365.

  1. Sign in to the Microsoft 365 admin center and select Show all > Settings > Domains.
  2. In a new browser tab or window, sign in to your DNS hosting provider, and then find where you manage your DNS settings (e.g., Zone File Settings, Manage Domains, Domain Manager, DNS Manager).
  3. Go to your provider's DNS Manager page, and add the TXT record indicated in the admin center to your domain.

Adding this record won't affect your existing email or other services and you can safely remove it once your domain is connected to Microsoft 365.

Example:

  • TXT Name: @
  • TXT Value: MS=ms######## (unique ID from the admin center)
  • TTL: 3600 (or your provider default)
  4. Save the record, go back to the admin center, and then select Verify. It typically takes around 15 minutes for record changes to register, but sometimes it can take longer. Give it some time and a few tries to pick up the change.

When Microsoft finds the correct TXT record, your domain is verified.

Verify with an MX record

If your registrar doesn't support adding TXT records, you can verify by adding an MX record.

  1. Sign in to the Microsoft 365 admin center and select Show all > Settings > Domains.
  2. In a new browser tab or window, sign in to your DNS hosting provider, and then find where you manage your DNS settings (e.g., Zone File Settings, Manage Domains, Domain Manager, DNS Manager).
  3. Go to your provider's DNS Manager page, and add the MX record indicated in the admin center to your domain.

This MX record's Priority must be the highest of all existing MX records for the domain. Otherwise, it can interfere with sending and receiving email. You should delete this record as soon as domain verification is complete.

Make sure that the fields are set to the following values:

  • Record Type: MX
  • Priority: Set to the highest value available, typically 0.
  • Host Name: @
  • Points to address: Copy the value from the admin center and paste it here.
  • TTL: 3600 (or your provider default)

When Microsoft finds the correct MX record, your domain is verified.

Step 2: Add DNS records to connect Microsoft services

In a new browser tab or window, sign in to your DNS hosting provider, and find where you manage your DNS settings (e.g., Zone File Settings, Manage Domains, Domain Manager, DNS Manager).

You'll be adding several different types of DNS records depending on the services you want to enable.

Add an MX record for email (Outlook, Exchange Online)

Before you begin: If users already have email with your domain (such as user@yourdomain.com), create their accounts in the admin center before you set up your MX records. That way, they’ll continue to receive email. When you update your domain's MX record, all new email for anyone who uses your domain will now come to Microsoft 365. Any email you already have will stay at your current email host, unless you decide to migrate email and contacts to Microsoft 365.

You'll get the information for the MX record from the admin center domain setup wizard.

On your hosting provider's website, add a new MX record. Make sure that the fields are set to the following values:

  • Record Type: MX
  • Priority: Set to the highest value available, typically 0.
  • Host Name: @
  • Points to address: Copy the value from the admin center and paste it here.
  • TTL: 3600 (or your provider default)

Save the record, and then remove any other MX records.

Add CNAME records to connect other services (Teams, Exchange Online, AAD, MDM)

You'll get the information for the CNAME records from the admin center domain setup wizard.

On your hosting provider's website, add CNAME records for each service that you want to connect. Make sure that the fields are set to the following values for each:

  • Record Type: CNAME (Alias)
  • Host: Paste the values you copy from the admin center here.
  • Points to address: Copy the value from the admin center and paste it here.
  • TTL: 3600 (or your provider default)

Add or edit an SPF TXT record to help prevent email spam (Outlook, Exchange Online)

Before you begin: If you already have an SPF record for your domain, don't create a new one for Microsoft 365. Instead, add the required Microsoft 365 values to the current record on your hosting provider's website so that you have a single SPF record that includes both sets of values.


On your hosting provider's website, edit the existing SPF record or create an SPF record. Make sure that the fields are set to the following values:

  • Record Type: TXT (Text)
  • Host: @
  • TXT Value: v=spf1 include:spf.protection.outlook.com -all
  • TTL: 3600 (or your provider default)

Save the record.
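
The single-record rule above, as an added example that is not part of the original article or Microsoft's tooling: it merges the Microsoft 365 include into whatever SPF record the domain already publishes and rejects the cases receivers treat as a permanent error under RFC 7208 (two SPF records, or more than 10 DNS-lookup terms). The function names and the sample TXT strings are assumptions made for illustration, and only the record's own terms are counted, not lookups inside nested includes.

```python
# Added example (not Microsoft's code): keep one SPF record per domain.
M365_INCLUDE = "include:spf.protection.outlook.com"  # value given on this page

def spf_records(txt_records):
    """Return the TXT strings that are SPF records (they start with v=spf1)."""
    return [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]

def needs_lookup(term):
    """True for terms that cost a DNS lookup; RFC 7208 allows at most 10."""
    bare = term.lstrip("+-~?").lower()
    if bare.startswith(("include:", "exists:", "redirect=")):
        return True
    return bare.split(":")[0].split("/")[0] in ("a", "mx", "ptr")

def merge_spf(txt_records):
    """Return the single SPF string the domain should publish."""
    found = spf_records(txt_records)
    if len(found) > 1:
        raise ValueError("more than one SPF record; merge them into one")
    if not found:
        return "v=spf1 " + M365_INCLUDE + " -all"
    terms = found[0].split()
    if M365_INCLUDE not in [t.lstrip("+").lower() for t in terms]:
        # Insert before the "all" mechanism: terms after it are never evaluated.
        pos = next((i for i, t in enumerate(terms)
                    if t.lstrip("+-~?").lower() == "all"), len(terms))
        terms.insert(pos, M365_INCLUDE)
    if sum(needs_lookup(t) for t in terms[1:]) > 10:
        raise ValueError("over 10 DNS-lookup terms; receivers return permerror")
    return " ".join(terms)

# Constructed sample: TXT strings at the domain apex (hypothetical values).
SAMPLE_TXT = [
    "MS=ms00000000",
    "v=spf1 ip4:192.0.2.10 include:_spf.example.net ~all",
]

if __name__ == "__main__":
    print(merge_spf(SAMPLE_TXT))
```

The merge keeps the qualifier the existing record already uses on "all" (here ~all); the value shown above for a new record ends in -all.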

Validate your SPF record by using one of these SPF validation tools.

SPF is designed to help prevent spoofing, but there are spoofing techniques that SPF cannot protect against. To protect against these, once you've set up SPF, you should also set up DKIM and DMARC for Microsoft 365.

To get started, see Use DKIM to validate outbound email sent from your domain in Microsoft 365 and Use DMARC to validate email in Microsoft 365.

Add SRV records for communications services (Teams, Skype for Business)

On your hosting provider's website, add SRV records for each service you want to connect. Make sure that the fields are set to the following values for each:

  • Record Type: SRV (Service)
  • Name: @
  • Target: Copy the value from the admin center and paste it here.
  • Protocol: Copy the value from the admin center and paste it here.
  • Service: Copy the value from the admin center and paste it here.
  • Priority: 100
  • Weight: 1
  • Port: Copy the value from the admin center and paste it here.
  • TTL: 3600 (or your provider default)

Save the record.

SRV record field restrictions and workarounds

Some hosting providers impose restrictions on field values within SRV records. Here are some common workarounds for these restrictions.

Name

If your hosting provider doesn't allow setting this field to @, leave it blank. Use this approach only when your hosting provider has separate fields for the Service and Protocol values. Otherwise, see the Service and Protocol notes below.

Service and Protocol

If your hosting provider doesn't provide these fields for SRV records, you must specify the Service and Protocol values in the record's Name field. (Note: Depending on your hosting provider, the Name field might be called something else, like: Host, Hostname, or Subdomain.) To add these values, you create a single string, separating the values with a dot.

Example: _sip._tls

Priority, Weight, and Port

If your hosting provider doesn't provide these fields for SRV records, you must specify them in the record's Target field. (Note: Depending on your hosting provider, the Target field might be called something else, like: Content, IP Address, or Target Host.)

To add these values, create a single string, separating the values with spaces and sometimes ending with a dot (check with your provider if you are unsure). The values must be included in this order: Priority, Weight, Port, Target.

  • Example 1: 100 1 443 sipdir.online.lync.com.
  • Example 2: 100 1 443 sipdir.online.lync.com
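
A check for the workarounds above, as an added example that is not part of the original article: it reduces each provider layout (separate fields, Service and Protocol packed into Name, or Priority, Weight and Port packed into Target) to one tuple, so you can confirm that what you typed matches the admin center values. The function name and dictionary keys are assumptions for illustration; the record values are the examples shown on this page.

```python
# Added example (not Microsoft's code): reduce each provider layout to one tuple.
def normalize_srv(fields):
    """Return (service, protocol, priority, weight, port, target) from form fields."""
    name = (fields.get("name") or "").strip()
    service, protocol = fields.get("service"), fields.get("protocol")
    if service is None or protocol is None:
        # Workaround: Service and Protocol packed into Name, e.g. "_sip._tls".
        labels = name.split(".")
        if len(labels) < 2 or not all(lab.startswith("_") for lab in labels[:2]):
            raise ValueError("Name must hold _service._protocol, got %r" % name)
        service, protocol = labels[0], labels[1]
    elif name not in ("", "@"):
        raise ValueError("Name should be @ or blank, got %r" % name)
    parts = fields["target"].split()
    if len(parts) == 4:
        # Workaround: "Priority Weight Port Target" packed into Target.
        priority, weight, port = (int(p) for p in parts[:3])
        host = parts[3]
    elif len(parts) == 1:
        priority, weight, port = (int(fields[k])
                                  for k in ("priority", "weight", "port"))
        host = parts[0]
    else:
        raise ValueError("Target must be a host or 'prio weight port host'")
    # A trailing dot only marks the name as fully qualified; drop it to compare.
    return (service.lower(), protocol.lower(), priority, weight, port,
            host.rstrip(".").lower())

# Constructed form inputs using the example values shown on this page.
SEPARATE = {"name": "@", "service": "_sip", "protocol": "_tls", "priority": 100,
            "weight": 1, "port": 443, "target": "sipdir.online.lync.com"}
PACKED_NAME = {"name": "_sip._tls", "priority": "100", "weight": "1",
               "port": "443", "target": "sipdir.online.lync.com."}
PACKED_ALL = {"name": "_sip._tls", "target": "100 1 443 sipdir.online.lync.com."}

if __name__ == "__main__":
    for layout in (SEPARATE, PACKED_NAME, PACKED_ALL):
        print(normalize_srv(layout))
```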

This article compares encryption options in Microsoft 365 including Office 365 Message Encryption (OME), S/MIME, Information Rights Management (IRM), and introduces Transport Layer Security (TLS).

Microsoft 365 delivers multiple encryption options to help you meet your business needs for email security. If you want to learn more about all security features in Office 365, visit the Office 365 Trust Center. This article introduces the three types of encryption available for Microsoft 365 administrators to help secure email in Office 365:

  • Office Message Encryption (OME).

  • Secure/Multipurpose Internet Mail Extensions (S/MIME).

  • Information Rights Management (IRM).

How Microsoft 365 uses email encryption

Encryption is the process by which information is encoded so that only an authorized recipient can decode and consume the information. Microsoft 365 uses encryption in two ways: in the service, and as a customer control. In the service, encryption is used in Microsoft 365 by default; you don't have to configure anything. For example, Microsoft 365 uses Transport Layer Security (TLS) to encrypt the connection, or session, between two servers.

Here's how email encryption typically works:

  • A message is encrypted, or transformed from plain text into unreadable ciphertext, either on the sender's machine, or by a central server while the message is in transit.

  • The message remains in ciphertext while it's in transit in order to protect it from being read in case the message is intercepted.

  • Once the message is received by the recipient, the message is transformed back into readable plain text in one of two ways:

    • The recipient's machine uses a key to decrypt the message, or

    • A central server decrypts the message on behalf of the recipient, after validating the recipient's identity.

For more information on how Microsoft 365 secures communication between servers, such as between organizations within Microsoft 365 or between Microsoft 365 and a trusted business partner outside of Microsoft 365, see How Exchange Online uses TLS to secure email connections in Office 365.


Comparing email encryption options available in Office 365

Email encryption technology

What is it?

  • OME: Office 365 Message Encryption (OME) is a service built on Azure Rights Management (Azure RMS) that lets you send encrypted email to people inside or outside your organization, regardless of the destination email address (Gmail, Yahoo! Mail, Outlook.com, etc.). As an admin, you can set up transport rules that define the conditions for encryption. When a user sends a message that matches a rule, encryption is applied automatically. To view encrypted messages, recipients can either get a one-time passcode, sign in with a Microsoft account, or sign in with a work or school account associated with Office 365. Recipients can also send encrypted replies. They don't need a Microsoft 365 subscription to view encrypted messages or send encrypted replies.
  • IRM: IRM is an encryption solution that also applies usage restrictions to email messages. It helps prevent sensitive information from being printed, forwarded, or copied by unauthorized people. IRM capabilities in Microsoft 365 use Azure Rights Management (Azure RMS).
  • S/MIME: S/MIME is a certificate-based encryption solution that allows you to both encrypt and digitally sign a message. The message encryption helps ensure that only the intended recipient can open and read the message. A digital signature helps the recipient validate the identity of the sender. Both digital signatures and message encryption are made possible through the use of unique digital certificates that contain the keys for verifying digital signatures and encrypting or decrypting messages. To use S/MIME, you must have public keys on file for each recipient. Recipients have to maintain their own private keys, which must remain secure. If a recipient's private keys are compromised, the recipient needs to get a new private key and redistribute public keys to all potential senders.

What does it do?

  • OME:
    • Encrypts messages sent to internal or external recipients.
    • Allows users to send encrypted messages to any email address, including Outlook.com, Yahoo! Mail, and Gmail.
    • Allows you, as an admin, to customize the email viewing portal to reflect your organization's brand.
    • Microsoft securely manages and stores the keys, so you don't have to.
    • No special client side software is needed as long as the encrypted message (sent as an HTML attachment) can be opened in a browser.
  • IRM:
    • Uses encryption and usage restrictions to provide online and offline protection for email messages and attachments.
    • Gives you, as an admin, the ability to set up transport rules or Outlook protection rules to automatically apply IRM to select messages.
    • Lets users manually apply templates in Outlook or Outlook on the web (formerly known as Outlook Web App).
  • S/MIME: S/MIME addresses sender authentication with digital signatures, and message confidentiality with encryption.

What does it not do?

  • OME: OME doesn't let you apply usage restrictions to messages. For example, you can't use it to stop a recipient from forwarding or printing an encrypted message.
  • IRM: Some applications may not support IRM emails on all devices. For more information about these and other products that support IRM email, see Client device capabilities.
  • S/MIME: S/MIME doesn't allow encrypted messages to be scanned for malware, spam, or policies.

Recommendations and example scenarios

  • OME: We recommend using OME when you want to send sensitive business information to people outside your organization, whether they're consumers or other businesses. For example:
    • A bank employee sending credit card statements to customers
    • A doctor's office sending medical records to a patient
    • An attorney sending confidential legal information to another attorney
  • IRM: We recommend using IRM when you want to apply usage restrictions as well as encryption. For example:
    • A manager sending confidential details to her team about a new product applies the 'Do Not Forward' option.
    • An executive needs to share a bid proposal with another company, which includes an attachment from a partner who is using Office 365, and requires both the email and the attachment to be protected.
  • S/MIME: We recommend using S/MIME when either your organization or the recipient's organization requires true peer-to-peer encryption. S/MIME is most commonly used in the following scenarios:
    • Government agencies communicating with other government agencies
    • A business communicating with a government agency

What encryption options are available for my Microsoft 365 subscription?

For information about email encryption options for your Microsoft 365 subscription see the Exchange Online service description. Here, you can find information about the following encryption features:

  • Azure RMS, including both IRM capabilities and OME

  • S/MIME

  • TLS

  • Encryption of data at rest (through BitLocker)

You can also use third-party encryption tools with Microsoft 365, for example, PGP (Pretty Good Privacy). Microsoft 365 does not support PGP/MIME and you can only use PGP/Inline to send and receive PGP-encrypted emails.

What about encryption for data at rest?

'Data at rest' refers to data that isn't actively in transit. In Microsoft 365, email data at rest is encrypted using BitLocker Drive Encryption. BitLocker encrypts the hard drives in Microsoft datacenters to provide enhanced protection against unauthorized access. To learn more, see BitLocker Overview.


More information about email encryption options

For more information about the email encryption options in this article as well as TLS, see these articles:

OME


IRM


S/MIME


TLS