Get Accepted Domains in Exchange Online

Native Solution

Microsoft 365 Permission Required

High

Least Privilege

Remote and Accepted Domains Role

Most Privilege

Global Admin

Option 1 Using Exchange Admin Center

Log in to the Exchange admin center.
Navigate to the Mail flow section and select the Accepted domains tab.
A list of all accepted domains will be displayed, including information about each domain's type and its email-sending status.

Option 2 Using Windows PowerShell

To get all accepted domains via PowerShell, first connect to Exchange Online module.
Windows PowerShell
```
 Connect-ExchangeOnline
```
Then, execute the following command to view all accepted domains in Exchange Online.

Windows PowerShell

 Get-AcceptedDomain -ResultSize Unlimited | Format-Table Name, DomainName, DomainType, Default, SendingToDomainDisabled, SendingFromDomainDisabled

Execution of the above cmdlet will get all accepted domains in Microsoft 365 along with key details such as their type, whether they are the default domain, and their status for sending or receiving messages.
This information helps you manage and configure domain settings effectively in Exchange Online.

AdminDroid Solution

More than 150 reports are under the free edition.

AdminDroid Permission Required

Delegated

Any user with report access assigned by the Super Admin.

StepsUsing AdminDroid

Sign-in to the AdminDroid Office 365 reporter.
Navigate to the Accepted Domains report under Reports»Exchange»Other Reports.

Note: Make use of the column customization to view the report with the attributes you need.

This report lists the accepted domains in Microsoft 365, including attributes such as domain type, authentication type, outbound-only status, initial domain status, default federated domain status, and more.

Utilize the built-in chart to easily visualize which accepted domains in Microsoft 365 handle emails for all sub-domains and which do not.

Explore a full range of reporting options

Looking for a refined analysis of accepted domains in Exchange Online?

Explore AdminDroid’s accepted domains report to review and analyze your domain setup. This lets you separately examine authoritative and internal relay domains to ensure everything meets your needs.

Witness the report in action using the

Live Demo

Important Tips

Configure SPF, DKIM, and DMARC authentication methods for all the accepted domains to prevent domain spoofing by attackers and improve domain reputation.

Use unique accepted domains for specific departments to segregate communication channels and tailor email rules to each department’s needs.

Review the non-accepted domain report to identify emails from your on-premises domains that aren’t accepted in M365 and configure them as accepted to prevent disruptions.

Exchange OnlineManage Accepted Domains in Exchange Online to Enhance and Ensure Proper Email Delivery

Showing 1 of 6

Is it mandatory to have your own domain to use a Microsoft 365 tenant? What are the differences between accepted domains and remote domains in Microsoft 365? How to add accepted domains in Office 365? How to change the accepted domain type in Exchange Online? How to block specific accepted domain users from sending emails in M365? How to enable mail flow for subdomains in Exchange Online?

Is it mandatory to have your own domain to use a Microsoft 365 tenant?

The straightforward answer is ‘No’. A Microsoft 365 organization can function without its own domain. This section explains how a Microsoft 365 tenant operates without your own custom domains. It’s also important to understand the concepts listed here, as the individual domains added to the Microsoft 365 environment are considered accepted domains in Exchange Online.

Does Microsoft 365 include domains?

Yes, when you register for Microsoft 365, your organization is assigned a default domain like ‘company.onmicrosoft.com’. This domain is used by default for email addresses or aliases unless you add a custom domain and set it as the default for your Microsoft 365 setup.

You can also add another onmicrosoft.com domain if needed. A common reason for adding additional onmicrosoft.com domains is to perform a SharePoint domain rename to match the organization’s rebranding. Once an onmicrosoft.com domain is added, it cannot be removed from the Microsoft 365 environment.

What is fallback domain in Microsoft 365?

By default, the onmicrosoft.com domain provided when creating the Microsoft 365 tenant will be the fallback domain. However, you can change the fallback domain by adding another onmicrosoft.com domain later.

A fallback domain in Microsoft 365 is used as a backup when the primary domain cannot be used for certain operations or configurations. A fallback domain is particularly useful when the primary domain is unavailable, ensuring that your users' emails are still routed successfully.

How many domains can be added to the Office 365 tenant?

You can add up to 5,000 domains to a Microsoft 365 subscription, including both custom domains and a maximum of 5 onmicrosoft.com domains.

What are the differences between accepted domains and remote domains in Microsoft 365?

Two key configurations to manage and route the emails in Exchange Online are accepted domains and remote domains. While both are essential for configuring your email system, they serve different purposes. Refer to the sections below for a detailed comparison of accepted domain vs remote domain in Microsoft 365.

What are accepted domains in Exchange Online?

Accepted domains are the custom domains you add to your Microsoft 365 tenant to allow mail flow. In simple terms, these are the domains used to define where email is accepted and delivered for your organization.

Typically, organizations configure various domains based on departments, branches, or sections, and create mailbox accounts to receive or send emails.

Example: If you have an accepted domain named ‘company.com’, emails sent to ‘person1@company.com’ or ‘person2@company.com’ are delivered to your organization’s mailboxes. This is true if the recipients exist within your organization.

What are remote domains in Exchange Online?

Remote domains are external domains that define how emails are formatted and handled when sending to or receiving from external mail systems. They are used to manage features such as email format, automatic replies, and non-delivery reports for emails sent to the external domains.

By default, a remote domain with a set of rules is defined to send and receive messages from external organizations. Any changes made to the default remote domain will apply to all external domains. To apply settings to a specific external domain, you need to create a dedicated remote domain entry.

Example: If your organization regularly interacts with another organization that uses the domain ‘company1.com,’ you can create a remote domain entry for ‘company1.com.’ This configuration allows you to specify how emails sent to ‘company1.com’ are managed.

How to add accepted domains in Office 365?

Adding a domain to Microsoft 365 is essential for organized email management. By default, when you add a domain in Microsoft 365, it becomes part of your organization’s accepted domains list in Exchange Online.

Add a domain to Microsoft 365

Adding your domain to the Microsoft 365 services requires the following navigation.

Go to the Domains page in the Microsoft 365 admin center.
Click the Add domain option. Enter your domain name and click Use this domain.
Select a verification method and click 'Continue'. Follow the provided video and instructions to complete domain verification.
Finally, choose the appropriate option to manage the domain name service (DNS) records to connect your domain and start using email and instant messaging.

Key considerations:

To set a newly added or existing domain as the default, click the ellipses next to the domain name and select ‘Set as default’. Then provide confirmation in the dialog box.
After changing the default domain, the new default domain will be used for creating new accounts. Existing accounts will remain unchanged and continue to use their current domains. You will need to manually update their email addresses if you want them to use the new default domain.
Any subdomains added will be automatically verified based on the parent domain that is being verified.

How to change the accepted domain type in Exchange Online?

Once you add a domain to the Microsoft 365 environment, it will be automatically recognized as an accepted domain of the type 'authoritative.' However, you can change the accepted domain type from authoritative to internal relay. Refer the points below for a comparison of authoritative vs internal relay in Microsoft 365:

Authoritative: If the accepted domain is authoritative, incoming emails addressed to this domain will be delivered directly to the recipients within your Microsoft 365 environment. If the recipients are not recognized by M365, the mail will typically be bounced back to the sender with a non-delivery report (NDR) indicating that the recipient does not exist.
Internal relay (non-authoritative): This option allows incoming messages to be delivered to known email addresses within Microsoft 365 and redirects messages to your own email server if the recipients are not recognized by Microsoft 365.

Change the accepted domain type in Exchange Online

To modify the accepted domain type, select the desired mail domain from the ‘Accepted domains’ page in the Exchange admin center.
Select the appropriate domain type and click Save to apply changes.

Alternatively, you can use the ‘Set-AcceptedDomain’ cmdlet in the Exchange Online PowerShell to update the accepted domain type.

Set-AcceptedDomain -Identity <DomainName> -DomainType <Authoritative/InternalRelay>

Make sure to replace ‘<DomainName>’ with the desired domain name before execution.

Examining the changes made to your list of accepted domains is a breeze with AdminDroid!

The accepted domain configuration report in AdminDroid shows all changes made to accepted domains in Exchange Online.
To closely track any unauthorized activity, it provides metrics such as the operation performed, who carried it out, the domain affected, and more.

Tip: Make use of the Alert (🔔) option available with this audit report to instantly get notified when a configuration change is carried out in any accepted domains.

How to block specific accepted domain users from sending emails in M365?

Admins may choose to block a domain from sending emails in Microsoft 365 for several reasons, including:

Phased out domains: Blocking outdated domains prevents messages from being sent from retired addresses and helps ensure a smooth transition by creating new aliases with the updated domains.
Domain-specific use cases: Blocking outgoing emails for domains like @info.company.com or @feedback.company.com prevents sending unintended replies and misuse. This ensures that these domains are used solely for their intended purposes.

How to block a domain from sending email?

Go to the ‘Accepted domains’ page in the Exchange admin center and click on the appropriate domain.
Disable the Allow mail to be sent from this domain check box and click Save.

You can also use the following PowerShell cmdlet in the Exchange Online module to prevent sending emails from specific domains.

Set-AcceptedDomain -Identity <DomainName> -SendingFromDomainDisabled $true

Similarly, you can block domains from receiving emails, especially for domains that are intended for one-way communication (e.g., @noreply.company.com) where replies are not required. To block such domains, use the following command.

Set-AcceptedDomain -Identity <DomainName> -SendingToDomainDisabled $true

Note: To block incoming emails for a specific domain, you must use PowerShell as the Exchange admin center does not support this action.

How to enable mail flow for subdomains in Exchange Online?

Organizations often use subdomains to distinguish different departments or project teams (e.g., sales.company.com, support.company.com). In such cases, adding these sub domains as accepted domains in Exchange Online is essential to properly route and deliver the mails within the organization.

But what if you have a hybrid environment where some subdomains exist only on-premises? In this scenario, you need to enable email flow for these subdomains using the following steps.

Note: If you have a few subdomains, it’s recommended to configure them as accepted domains rather than subdomains.

1. Set up match subdomains for a domain in Microsoft 365

The initial step in enabling mail flow to on-premises subdomains is to set up matching subdomains for the parent domain. Follow these steps to complete the process:

Navigate to Mail Flow»Accepted domains»Appropriate domain in the Exchange admin center.
Ensure the ‘Internal relay’ option is selected and enable the Accept mail for all subdomains check box. Then, click Save.

To enable matching subdomains in an accepted domain using PowerShell, execute the following command. Ensure the domain type is set to ‘Internalrelay’ and that you have entered the desired domain name before execution.

Set-AcceptedDomain -Identity <DomainName> -MatchSubdomains $true

2. Configure Exchange Online connectors to route emails

After enabling the domain to accept mail for its subdomains, you must configure it to transmit messages from Office 365 to your organization's email server. Here’s how to add the domain to the connector for message transmission.

Navigate to the Connectors tab under the ‘Mail flow’ section in the Exchange admin center.
Click on the respective connector that you use to transmit messages from Microsoft 365 to your organization's email server.
In the connector properties flyout pane, click the Edit use option under the ‘Use of connector’ section.
Select the Only when email messages are sent to these domains option, type the domain name to which you want to apply the connector (eg: *.company) and click the + icon. Select ‘Next.’
Validate the domain using the appropriate email address and click Save to enable the mail flow with the on-premises subdomains.

For comprehensive tracking of Exchange Online connector changes, stick to AdminDroid, as it helps to audit both inbound and outbound configurations with detailed filtering options.

AdminDroid Exchange Online ReporterEnsure smooth email delivery through optimal Exchange Online management!

In addition to the list of accepted domains in Microsoft 365, AdminDroid's Exchange Online reporting tool provides several capabilities to monitor mail flow and configurations. These reports enhance overall email administration by providing insights into deliverability issues and other critical email metrics.

A Quick Summary

Schedule Accepted Domains Report for Regular Updates

With AdminDroid's scheduling feature, you can regularly check accepted domains in Office 365 and their configurations by receiving automated reports directly to your designated mailboxes at specified intervals.

Find Undelivered Mails on Interaction-Blocked Domains

Monitor the undelivered emails based on the sender and recipient domains to identify emails that were affected after you disable sending or receiving for an Exchange Online accepted domain.

Audit Transport Rules that Impact Accepted Domains

Regularly review transport rule changes in Exchange Online to strategically identify rules that may block email delivery in important accepted domains.

Get Message Delivery Restrictions based on Domains

Use the ‘Advanced Customization’ option in the message delivery restriction report to list the mailboxes and their restrictions within the respective accepted domain.

Track Remote Domain Configuration Changes

Just as you monitor Exchange accepted domains, consistently review modifications to remote domains, as they are intended to ensure that your email communication with external domains remains seamless.

Monitor Mails Sent and Received by Accepted Domains

Leverage AdminDroid's all mails report to audit all emails sent and received by your Microsoft 365 accepted domains, ensuring proper email delivery and identifying potential issues.

In summary, the AdminDroid Exchange Online management tool stands out as a top-tier solution for optimizing email communication within your accepted domains!

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

Common Errors With Their TroubleShooting Tips for Monitoring and Managing Accepted Domains in M365

Here are some common errors with the resolution tips that occur when you monitor or manage allowed domains in Office 365.

Error: Microsoft.Exchange.Management.SystemConfigurationTasks.ExternalRelayDomainsAreNotAllowedInDatacenterAndFfoException|External relay domains aren't allowed in your organization.

This error occurs when you try to set an accepted domain as an external relay domain using the ‘Set-AcceptedDomain’ PowerShell cmdlet. The domain type external relay is allowed only in Exchange on-premises and not in Exchange Online.

Troubleshooting hint :Since external relay domains are not supported in Microsoft 365, use other domain types such as authoritative or internal relay.

Error: Please go through validation process for your latest setting changes.

This error occurs when you attempt to save connector configurations in the Exchange admin center.

Troubleshooting hint :Validate the connector configuration using a valid email address for the respective domain before saving changes.

Error: Microsoft.Exchange.Management.SystemConfigurationTasks.MatchSubDomainsIsInternalRelayOnlyException|MatchSubDomains can only be enabled on an InternalRelay domain.

This error occurs in PowerShell when you attempt to enable a domain for accepting mail for its subdomains while the domain type is set to authoritative.

Troubleshooting hint :Change the domain type to internal relay using the following cmdlet and perform the action.

Set-AcceptedDomain -Identity <DomainName> -DomainType InternalRelay

Error: Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException|The operation couldn't be performed because object 'x.com' couldn't be found on 'MA0P2......'.

This error occurs when the ‘Set-AcceptedDomain’ PowerShell cmdlet couldn't locate the domain "x.com" in your Exchange Online environment.

Troubleshooting hint :Ensure you have entered the correct domain name in the ‘Set-AcceptedDomain’ cmdlet. Verify the domain's existence in your environment using the following cmdlet before retrying the operation.

Get-AcceptedDomain -ResultSize Unlimited

Delivering Reports on Time

Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid’s Scheduling to your email anytime you need.

Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add intelligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.

Set It, Schedule It, See Results - Your Reports, Your Way, On Your Time!

Time Saving Automation Customization Intelligent Filtering

Give Just the Right Access to the Right People

Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.

Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.

Give Just the Right Access to the Right People

Align, Define, Simplify: AdminDroid's Granular Delegation

Smart Organizational Control Effortless M365 Management Simplified Access

Advanced Alerts at a Glance

Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.

Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.

AdminDroid Keeps You Always Vigilant, Never Vulnerable!

Proactive Protection Real-time Monitoring Security Intelligence Threat Detection

Merge the Required Data to One Place

Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.

This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.

Merge with Ease and Save as Views!

Custom Reporting Unique View Desired Columns Easy Data Interpretation

Insightful Charts and Exclusive Dashboards

Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.

With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.

Insightful Charts and Exclusive Dashboards

Explore Your Microsoft 365 Tenant in a Whole New Way!

Executive overviews Interactive insights Decision-making Data Visualization

Efficient Report Exporting for Microsoft 365

Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.

Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.

Efficient Report Exporting for Microsoft 365

Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!

Easy Export Seamless Downloading Data Control Manage Microsoft 365

How to List All Accepted Domains in Microsoft 365