Exchange Online

How to List All Accepted Domains in Microsoft 365

Regularly reviewing the accepted domains is essential for Microsoft 365 admins to ensure proper configuration and maintain smooth email communication. This proactive approach helps prevent issues like undelivered inbound and outbound emails. This guide provides instructions to review and manage accepted domains in Exchange Online along with their configurations, helping you troubleshoot email delivery issues.

Using Exchange Admin Center

Microsoft 365 Permission Required

Remote and Accepted Domains Role Least Privilege

Global Admin Most Privilege

Log in to the Exchange admin center.
Navigate to the Mail flow section and select the Accepted domains tab.
A list of all accepted domains will be displayed, including information about each domain's type and its email-sending status.

Using Windows PowerShell

Microsoft 365 Permission Required

Remote and Accepted Domains Role Least Privilege

Global Admin Most Privilege

To get all accepted domains via PowerShell, first connect to Exchange Online module.
Windows PowerShell
```
 Connect-ExchangeOnline
```
Then, execute the following command to view all accepted domains in Exchange Online.

Windows PowerShell

 Get-AcceptedDomain -ResultSize Unlimited | Format-Table Name, DomainName, DomainType, Default, SendingToDomainDisabled, SendingFromDomainDisabled

Execution of the above cmdlet will get all accepted domains in Microsoft 365 along with key details such as their type, whether they are the default domain, and their status for sending or receiving messages.
This information helps you manage and configure domain settings effectively in Exchange Online.

Using AdminDroid
Simple & Quick

AdminDroid Permission Required Delegated

Any user with report access assigned by the Super Admin.

Sign-in to the AdminDroid Office 365 reporter.
Navigate to the Accepted Domains report under Reports»Exchange»Other Reports.

AdminDroid Exchange Online Reporter

Ensure smooth email delivery through optimal Exchange Online management!

In addition to the list of accepted domains in Microsoft 365, AdminDroid's Exchange Online reporting tool provides several capabilities to monitor mail flow and configurations. These reports enhance overall email administration by providing insights into deliverability issues and other critical email metrics.

Schedule Accepted Domains Report for Regular Updates

With AdminDroid's scheduling feature, you can regularly check accepted domains in Office 365 and their configurations by receiving automated reports directly to your designated mailboxes at specified intervals.

Find Undelivered Mails on Interaction-Blocked Domains

Monitor the undelivered emails based on the sender and recipient domains to identify emails that were affected after you disable sending or receiving for an Exchange Online accepted domain.

Audit Transport Rules that Impact Accepted Domains

Regularly review transport rule changes in Exchange Online to strategically identify rules that may block email delivery in important accepted domains.

Get Message Delivery Restrictions based on Domains

Use the ‘Advanced Customization’ option in the message delivery restriction report to list the mailboxes and their restrictions within the respective accepted domain.

Track Remote Domain Configuration Changes

Just as you monitor Exchange accepted domains, consistently review modifications to remote domains, as they are intended to ensure that your email communication with external domains remains seamless.

Monitor Mails Sent and Received by Accepted Domains

Leverage AdminDroid's all mails report to audit all emails sent and received by your Microsoft 365 accepted domains, ensuring proper email delivery and identifying potential issues.

In summary, the AdminDroid Exchange Online management tool stands out as a top-tier solution for optimizing email communication within your accepted domains!

Explore a full range of reporting options

Download Live Demo

Important Tips

Configure SPF, DKIM, and DMARC authentication methods for all the accepted domains to prevent domain spoofing by attackers and improve domain reputation.

Use unique accepted domains for specific departments to segregate communication channels and tailor email rules to each department’s needs.

Review the non-accepted domain report to identify emails from your on-premises domains that aren’t accepted in M365 and configure them as accepted to prevent disruptions.

Common Errors and Resolution Steps

Here are some common errors with the resolution tips that occur when you monitor or manage allowed domains in Office 365.

Error Microsoft.Exchange.Management.SystemConfigurationTasks.ExternalRelayDomainsAreNotAllowedInDatacenterAndFfoException|External relay domains aren't allowed in your organization.

This error occurs when you try to set an accepted domain as an external relay domain using the ‘Set-AcceptedDomain’ PowerShell cmdlet. The domain type external relay is allowed only in Exchange on-premises and not in Exchange Online.

Fix Since external relay domains are not supported in Microsoft 365, use other domain types such as authoritative or internal relay.

Error Please go through validation process for your latest setting changes.

This error occurs when you attempt to save connector configurations in the Exchange admin center.

Fix Validate the connector configuration using a valid email address for the respective domain before saving changes.

Error Microsoft.Exchange.Management.SystemConfigurationTasks.MatchSubDomainsIsInternalRelayOnlyException|MatchSubDomains can only be enabled on an InternalRelay domain.

This error occurs in PowerShell when you attempt to enable a domain for accepting mail for its subdomains while the domain type is set to authoritative.

Fix Change the domain type to internal relay using the following cmdlet and perform the action.

Set-AcceptedDomain -Identity <DomainName> -DomainType InternalRelay

Error Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException|The operation couldn't be performed because object 'x.com' couldn't be found on 'MA0P2......'.

This error occurs when the ‘Set-AcceptedDomain’ PowerShell cmdlet couldn't locate the domain "x.com" in your Exchange Online environment.

Fix Ensure you have entered the correct domain name in the ‘Set-AcceptedDomain’ cmdlet. Verify the domain's existence in your environment using the following cmdlet before retrying the operation.

Get-AcceptedDomain -ResultSize Unlimited

Exchange Online

Frequently Asked Questions

Manage Accepted Domains in Exchange Online to Enhance and Ensure Proper Email Delivery

Is it mandatory to have your own domain to use a Microsoft 365 tenant?

The straightforward answer is ‘No’. A Microsoft 365 organization can function without its own domain. This section explains how a Microsoft 365 tenant operates without your own custom domains. It’s also important to understand the concepts listed here, as the individual domains added to the Microsoft 365 environment are considered accepted domains in Exchange Online.

Does Microsoft 365 include domains?

Yes, when you register for Microsoft 365, your organization is assigned a default domain like ‘company.onmicrosoft.com’. This domain is used by default for email addresses or aliases unless you add a custom domain and set it as the default for your Microsoft 365 setup.

You can also add another onmicrosoft.com domain if needed. A common reason for adding additional onmicrosoft.com domains is to perform a SharePoint domain rename to match the organization’s rebranding. Once an onmicrosoft.com domain is added, it cannot be removed from the Microsoft 365 environment.

What is fallback domain in Microsoft 365?

By default, the onmicrosoft.com domain provided when creating the Microsoft 365 tenant will be the fallback domain. However, you can change the fallback domain by adding another onmicrosoft.com domain later.

A fallback domain in Microsoft 365 is used as a backup when the primary domain cannot be used for certain operations or configurations. A fallback domain is particularly useful when the primary domain is unavailable, ensuring that your users' emails are still routed successfully.

How many domains can be added to the Office 365 tenant?

You can add up to 5,000 domains to a Microsoft 365 subscription, including both custom domains and a maximum of 5 onmicrosoft.com domains.

What are the differences between accepted domains and remote domains in Microsoft 365?

Two key configurations to manage and route the emails in Exchange Online are accepted domains and remote domains. While both are essential for configuring your email system, they serve different purposes. Refer to the sections below for a detailed comparison of accepted domain vs remote domain in Microsoft 365.

What are accepted domains in Exchange Online?

Accepted domains are the custom domains you add to your Microsoft 365 tenant to allow mail flow. In simple terms, these are the domains used to define where email is accepted and delivered for your organization.

Typically, organizations configure various domains based on departments, branches, or sections, and create mailbox accounts to receive or send emails.

Example: If you have an accepted domain named ‘company.com’, emails sent to ‘person1@company.com’ or ‘person2@company.com’ are delivered to your organization’s mailboxes. This is true if the recipients exist within your organization.

What are remote domains in Exchange Online?

Remote domains are external domains that define how emails are formatted and handled when sending to or receiving from external mail systems. They are used to manage features such as email format, automatic replies, and non-delivery reports for emails sent to the external domains.

By default, a remote domain with a set of rules is defined to send and receive messages from external organizations. Any changes made to the default remote domain will apply to all external domains. To apply settings to a specific external domain, you need to create a dedicated remote domain entry.

Example: If your organization regularly interacts with another organization that uses the domain ‘company1.com,’ you can create a remote domain entry for ‘company1.com.’ This configuration allows you to specify how emails sent to ‘company1.com’ are managed.

How to add accepted domains in Office 365?

Adding a domain to Microsoft 365 is essential for organized email management. By default, when you add a domain in Microsoft 365, it becomes part of your organization’s accepted domains list in Exchange Online.

Add a domain to Microsoft 365

Adding your domain to the Microsoft 365 services requires the following navigation.

Go to the Domains page in the Microsoft 365 admin center.
Click the Add domain option. Enter your domain name and click Use this domain.
Select a verification method and click 'Continue'. Follow the provided video and instructions to complete domain verification.
Finally, choose the appropriate option to manage the domain name service (DNS) records to connect your domain and start using email and instant messaging.

Key considerations:

To set a newly added or existing domain as the default, click the ellipses next to the domain name and select ‘Set as default’. Then provide confirmation in the dialog box.
After changing the default domain, the new default domain will be used for creating new accounts. Existing accounts will remain unchanged and continue to use their current domains. You will need to manually update their email addresses if you want them to use the new default domain.
Any subdomains added will be automatically verified based on the parent domain that is being verified.

How to change the accepted domain type in Exchange Online?

Once you add a domain to the Microsoft 365 environment, it will be automatically recognized as an accepted domain of the type 'authoritative.' However, you can change the accepted domain type from authoritative to internal relay. Refer the points below for a comparison of authoritative vs internal relay in Microsoft 365:

Authoritative: If the accepted domain is authoritative, incoming emails addressed to this domain will be delivered directly to the recipients within your Microsoft 365 environment. If the recipients are not recognized by M365, the mail will typically be bounced back to the sender with a non-delivery report (NDR) indicating that the recipient does not exist.
Internal relay (non-authoritative): This option allows incoming messages to be delivered to known email addresses within Microsoft 365 and redirects messages to your own email server if the recipients are not recognized by Microsoft 365.

Change the accepted domain type in Exchange Online

To modify the accepted domain type, select the desired mail domain from the ‘Accepted domains’ page in the Exchange admin center.
Select the appropriate domain type and click Save to apply changes.

Alternatively, you can use the ‘Set-AcceptedDomain’ cmdlet in the Exchange Online PowerShell to update the accepted domain type.

Set-AcceptedDomain -Identity <DomainName> -DomainType <Authoritative/InternalRelay>

Make sure to replace ‘<DomainName>’ with the desired domain name before execution.

Examining the changes made to your list of accepted domains is a breeze with AdminDroid!

The accepted domain configuration report in AdminDroid shows all changes made to accepted domains in Exchange Online.
To closely track any unauthorized activity, it provides metrics such as the operation performed, who carried it out, the domain affected, and more.

Tip: Make use of the Alert (🔔) option available with this audit report to instantly get notified when a configuration change is carried out in any accepted domains.

How to block specific accepted domain users from sending emails in M365?

Admins may choose to block a domain from sending emails in Microsoft 365 for several reasons, including:

Phased out domains: Blocking outdated domains prevents messages from being sent from retired addresses and helps ensure a smooth transition by creating new aliases with the updated domains.
Domain-specific use cases: Blocking outgoing emails for domains like @info.company.com or @feedback.company.com prevents sending unintended replies and misuse. This ensures that these domains are used solely for their intended purposes.

How to block a domain from sending email?

Go to the ‘Accepted domains’ page in the Exchange admin center and click on the appropriate domain.
Disable the Allow mail to be sent from this domain check box and click Save.

You can also use the following PowerShell cmdlet in the Exchange Online module to prevent sending emails from specific domains.

Set-AcceptedDomain -Identity <DomainName> -SendingFromDomainDisabled $true

Similarly, you can block domains from receiving emails, especially for domains that are intended for one-way communication (e.g., @noreply.company.com) where replies are not required. To block such domains, use the following command.

Set-AcceptedDomain -Identity <DomainName> -SendingToDomainDisabled $true

Note: To block incoming emails for a specific domain, you must use PowerShell as the Exchange admin center does not support this action.

How to enable mail flow for subdomains in Exchange Online?

Organizations often use subdomains to distinguish different departments or project teams (e.g., sales.company.com, support.company.com). In such cases, adding these sub domains as accepted domains in Exchange Online is essential to properly route and deliver the mails within the organization.

But what if you have a hybrid environment where some subdomains exist only on-premises? In this scenario, you need to enable email flow for these subdomains using the following steps.

Note: If you have a few subdomains, it’s recommended to configure them as accepted domains rather than subdomains.

1. Set up match subdomains for a domain in Microsoft 365

The initial step in enabling mail flow to on-premises subdomains is to set up matching subdomains for the parent domain. Follow these steps to complete the process:

Navigate to Mail Flow»Accepted domains»Appropriate domain in the Exchange admin center.
Ensure the ‘Internal relay’ option is selected and enable the Accept mail for all subdomains check box. Then, click Save.

To enable matching subdomains in an accepted domain using PowerShell, execute the following command. Ensure the domain type is set to ‘Internalrelay’ and that you have entered the desired domain name before execution.

Set-AcceptedDomain -Identity <DomainName> -MatchSubdomains $true

2. Configure Exchange Online connectors to route emails

After enabling the domain to accept mail for its subdomains, you must configure it to transmit messages from Office 365 to your organization's email server. Here’s how to add the domain to the connector for message transmission.

Navigate to the Connectors tab under the ‘Mail flow’ section in the Exchange admin center.
Click on the respective connector that you use to transmit messages from Microsoft 365 to your organization's email server.
In the connector properties flyout pane, click the Edit use option under the ‘Use of connector’ section.
Select the Only when email messages are sent to these domains option, type the domain name to which you want to apply the connector (eg: *.company) and click the + icon. Select ‘Next.’
Validate the domain using the appropriate email address and click Save to enable the mail flow with the on-premises subdomains.

For comprehensive tracking of Exchange Online connector changes, stick to AdminDroid, as it helps to audit both inbound and outbound configurations with detailed filtering options.