1. Is it mandatory to have your own domain to use a Microsoft 365 tenant?
The straightforward answer is ‘No’. A Microsoft 365 organization can function without its own domain. This section explains how a Microsoft 365 tenant operates without your own custom domains. It’s also important to understand the concepts listed here, as the individual domains added to the Microsoft 365 environment are considered accepted domains in Exchange Online.
When you register for Microsoft 365, your organization is assigned a default domain like ‘company.onmicrosoft.com’. This domain is used by default for email addresses or aliases unless you add a custom domain and set it as the default for your Microsoft 365 setup.
You can also add another onmicrosoft.com domain if needed. A common reason for adding additional onmicrosoft.com domains is to perform a SharePoint domain rename to match the organization’s rebranding. Once an onmicrosoft.com domain is added, it cannot be removed from the Microsoft 365 environment.
By default, the onmicrosoft.com domain provided when creating the Microsoft 365 tenant will be the fallback domain. However, you can change the fallback domain by adding another onmicrosoft.com domain later.
A fallback domain in Microsoft 365 is used as a backup when the primary domain cannot be used for certain operations or configurations. A fallback domain is particularly useful when the primary domain is unavailable, ensuring that your users' emails are still routed successfully.
You can add up to 5,000 domains to a Microsoft 365 subscription, including both custom domains and a maximum of 5 onmicrosoft.com domains.
2. What are the differences between accepted domains and remote domains in Microsoft 365?
Accepted domains and remote domains are two key configurations for managing and routing email in Exchange Online. While both are essential for configuring your email system, they serve different purposes. Refer to the sections below for a detailed comparison of accepted domain vs remote domain in Microsoft 365.
Accepted domains are the custom domains you add to your Microsoft 365 tenant to allow mail flow. In simple terms, these are the domains used to define where email is accepted and delivered for your organization.
Example: If you have an accepted domain named ‘company.com’, emails sent to ‘person1@company.com’ or ‘person2@company.com’ are delivered to your organization’s mailboxes. This is true if the recipients exist within your organization.
Remote domains are external domains that define how emails are formatted and handled when sending to or receiving from external mail systems. They are used to manage features such as email format, automatic replies, and non-delivery reports for emails sent to the external domains.
Example: If your organization regularly interacts with another organization that uses the domain ‘company1.com,’ you can create a remote domain entry for ‘company1.com.’ This configuration allows you to specify how emails sent to ‘company1.com’ are managed.
3. How to add accepted domains in Office 365?
Adding a domain to Microsoft 365 is essential for organized email management. By default, when you add a domain in Microsoft 365, it becomes part of your organization’s accepted domains list in Exchange Online.
To add your domain to the Microsoft 365 services, follow these steps.
- Go to the Domains page in the Microsoft 365 admin center.
- Click the Add domain option. Enter your domain name and click Use this domain.
- Select a verification method and click 'Continue'. Follow the provided video and instructions to complete domain verification.
- Finally, choose the appropriate option to manage the domain name service (DNS) records to connect your domain and start using email and instant messaging.
Key considerations:
- To set a newly added or existing domain as the default, click the ellipses next to the domain name and select ‘Set as default’. Then provide confirmation in the dialog box.
- After changing the default domain, the new default domain will be used for creating new accounts. Existing accounts will remain unchanged and continue to use their current domains. You will need to manually update their email addresses if you want them to use the new default domain.
- Any subdomains added will be automatically verified based on the parent domain that is being verified.
4. How to change the accepted domain type in Exchange Online?
Once you add a domain to the Microsoft 365 environment, it will be automatically recognized as an accepted domain of the type 'authoritative.' However, you can change the accepted domain type from authoritative to internal relay. Refer to the points below for a comparison of authoritative vs internal relay in Microsoft 365:
- Authoritative: If the accepted domain is authoritative, incoming emails addressed to this domain will be delivered directly to the recipients within your Microsoft 365 environment. If the recipients are not recognized by M365, the mail will typically be bounced back to the sender with a non-delivery report (NDR) indicating that the recipient does not exist.
- Internal relay (non-authoritative): This option allows incoming messages to be delivered to known email addresses within Microsoft 365 and redirects messages to your own email server if the recipients are not recognized by Microsoft 365.
- To modify the accepted domain type, select the desired mail domain from the ‘Accepted domains’ page in the Exchange admin center.
- Select the appropriate domain type and click Save to apply changes.
Alternatively, you can use the ‘Set-AcceptedDomain’ cmdlet in the Exchange Online PowerShell to update the accepted domain type.
Set-AcceptedDomain -Identity <DomainName> -DomainType <Authoritative/InternalRelay>
Make sure to replace ‘<DomainName>’ with the desired domain name before execution.
Examining the changes made to your list of accepted domains is a breeze with AdminDroid!
- The accepted domain configuration report in AdminDroid shows all changes made to accepted domains in Exchange Online.
- To closely track any unauthorized activity, it provides metrics such as the operation performed, who carried it out, the domain affected, and more.
Tip: Make use of the Alert (🔔) option available with this audit report to instantly get notified when a configuration change is carried out in any accepted domains.
5. How to block specific accepted domain users from sending emails in M365?
Admins may choose to block a domain from sending emails in Microsoft 365 for several reasons, including:
- Phased out domains: Blocking outdated domains prevents messages from being sent from retired addresses and helps ensure a smooth transition by creating new aliases with the updated domains.
- Domain-specific use cases: Blocking outgoing emails for domains like @info.company.com or @feedback.company.com prevents sending unintended replies and misuse. This ensures that these domains are used solely for their intended purposes.
- Go to the ‘Accepted domains’ page in the Exchange admin center and click on the appropriate domain.
- Disable the Allow mail to be sent from this domain check box and click Save.
You can also use the following PowerShell cmdlet in the Exchange Online module to prevent sending emails from specific domains.
Set-AcceptedDomain -Identity <DomainName> -SendingFromDomainDisabled $true
Similarly, you can block domains from receiving emails, especially for domains that are intended for one-way communication (e.g., @noreply.company.com) where replies are not required. To block such domains, use the following command.
Set-AcceptedDomain -Identity <DomainName> -SendingToDomainDisabled $true
Note: To block incoming emails for a specific domain, you must use PowerShell as the Exchange admin center does not support this action.
6. How to enable mail flow for subdomains in Exchange Online?
Organizations often use subdomains to distinguish different departments or project teams (e.g., sales.company.com, support.company.com). In such cases, adding these subdomains as accepted domains in Exchange Online is essential to properly route and deliver mail within the organization.
Note: If you have only a few subdomains, it’s recommended to add each one as its own accepted domain rather than enabling subdomain matching on the parent domain.
The initial step in enabling mail flow to on-premises subdomains is to set up matching subdomains for the parent domain. Follow these steps to complete the process:
- Navigate to Mail flow » Accepted domains » the appropriate domain in the Exchange admin center.
- Ensure the ‘Internal relay’ option is selected and enable the Accept mail for all subdomains check box. Then, click Save.
To enable matching subdomains in an accepted domain using PowerShell, execute the following command. Ensure the domain type is set to ‘InternalRelay’ and that you have entered the desired domain name before execution.
Set-AcceptedDomain -Identity <DomainName> -MatchSubdomains $true
After enabling the domain to accept mail for its subdomains, you must configure it to transmit messages from Office 365 to your organization's email server. Here’s how to add the domain to the connector for message transmission.
- Navigate to the Connectors tab under the ‘Mail flow’ section in the Exchange admin center.
- Click on the respective connector that you use to transmit messages from Microsoft 365 to your organization's email server.
- In the connector properties flyout pane, click the Edit use option under the ‘Use of connector’ section.
- Select the Only when email messages are sent to these domains option, type the domain name to which you want to apply the connector (e.g., *.company) and click the + icon. Select ‘Next.’
- Validate the domain using the appropriate email address and click Save to enable the mail flow with the on-premises subdomains.
For comprehensive tracking of Exchange Online connector changes, stick to AdminDroid, as it helps to audit both inbound and outbound configurations with detailed filtering options.
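To review the settings from sections 4 to 6 across every accepted domain at once, the following added example (not part of the original article and not AdminDroid or Microsoft code) flags configurations worth a second look. The function name `Test-AcceptedDomainConfig`, its `-RetiredDomains` and `-OneWayDomains` parameters, and the sample domains are hypothetical; the property names are assumed to match the `Set-AcceptedDomain` parameters shown above.

```powershell
# Added example. Property names are assumed to mirror the Set-AcceptedDomain
# parameters on this page; confirm them against your tenant's output.
function Test-AcceptedDomainConfig {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $Domain,
        # Hypothetical policy inputs: domains that must not send / must not receive.
        [string[]] $RetiredDomains = @(),
        [string[]] $OneWayDomains  = @()
    )
    process {
        $name     = [string]$Domain.DomainName
        $isRelay  = [string]$Domain.DomainType -eq 'InternalRelay'
        $findings = [System.Collections.Generic.List[string]]::new()

        if ($isRelay) {
            $findings.Add('InternalRelay: mail for unrecognized recipients is redirected to your own server; confirm a connector covers this domain.')
        }
        if ($Domain.MatchSubDomains) {
            if ($isRelay) { $findings.Add("Accepts mail for all subdomains; confirm the connector is scoped to *.$name.") }
            else          { $findings.Add('MatchSubDomains is set but the domain type is not InternalRelay.') }
        }
        if ($RetiredDomains -contains $name -and -not $Domain.SendingFromDomainDisabled) {
            $findings.Add('Retired domain can still send mail (SendingFromDomainDisabled is not $true).')
        }
        if ($OneWayDomains -contains $name -and -not $Domain.SendingToDomainDisabled) {
            $findings.Add('One-way domain still accepts mail (SendingToDomainDisabled is not $true).')
        }
        foreach ($f in $findings) {
            [pscustomobject]@{ DomainName = $name; Finding = $f }
        }
    }
}

# Constructed sample data standing in for Get-AcceptedDomain output.
$sample = @(
    [pscustomobject]@{ DomainName = 'company.com';             DomainType = 'InternalRelay'; MatchSubDomains = $true;  SendingFromDomainDisabled = $false; SendingToDomainDisabled = $false }
    [pscustomobject]@{ DomainName = 'oldbrand.com';            DomainType = 'Authoritative'; MatchSubDomains = $false; SendingFromDomainDisabled = $false; SendingToDomainDisabled = $false }
    [pscustomobject]@{ DomainName = 'noreply.company.com';     DomainType = 'Authoritative'; MatchSubDomains = $false; SendingFromDomainDisabled = $false; SendingToDomainDisabled = $true }
    [pscustomobject]@{ DomainName = 'company.onmicrosoft.com'; DomainType = 'Authoritative'; MatchSubDomains = $false; SendingFromDomainDisabled = $false; SendingToDomainDisabled = $false }
)
$sample | Test-AcceptedDomainConfig -RetiredDomains 'oldbrand.com' -OneWayDomains 'noreply.company.com' |
    Format-Table -AutoSize -Wrap
```

In a connected Exchange Online PowerShell session, pipe `Get-AcceptedDomain` into the function in place of `$sample`.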