Do you use Azure DNS? Azure DNS provide hosting of your DNS zones in the Azure infrastructure meaning that not only do you get the fault-tolerance, audit logging and SLA (99.99%) but you can also manage your DNS zones using Powershell. I recommend you read about it on https://docs.microsoft.com/en-us/azure/dns/dns-overview including the FAQ and pricing information.
Implementing Office 365 requires a bit of DNS changes, and using Powershell this is very, very easy in Azure DNS. You need an account in Azure with admin-rights for Azure DNS, the name of the zone and the resource group it belongs to.
Change the input values to match the your environment and run this script from an editor (Powershell ISE or Visual Studio Code)
# This script automatically configures Azure DNS for O365# Written by Per-Torben Sørensen (per-torben.sorensen@advania.no)## Version: 1.0#*********************************************************************************************## Input values below$azureadmin = “me@example.onmicrosoft.com” # admin user in azure portal with DNS rights$ttl = “600” # TTL for all records (in seconds)$zonename=”azure.contoso.com”$rgname = “testazuredns” # Use Get-AzureRmDnsZone after login to find this$proofvalue = “MS=ms12345678” # Proof of ownership from the Office 365 portal##*********************************************************************************************## Variables below$cred = Get-Credential -Message “Log on” -UserName $azureadmin$runscript = $false # Failsafe for accidental running#*********************************************************************************************if ($runscript -eq $false){Write-Host -ForegroundColor Red “Do NOT run this script non-interactively! Run from editor”return}# Log on Azure RM and set DNS variableLogin-AzureRmAccount -Credential $cred$dnszone = Get-AzureRmDnsZone -Name $zonename -ResourceGroupName $rgname## Creating first TXT record (Proof of domain ownership)New-AzureRmDnsRecordSet -Zone $dnszone -Name “@” -RecordType TXT -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -Value “$($proofvalue)”)## Create CNAME recordsNew-AzureRmDnsRecordSet -Zone $dnszone -Name “autodiscover” -RecordType CNAME -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -cname “autodiscover.outlook.com”)New-AzureRmDnsRecordSet -Zone $dnszone -Name “sip” -RecordType CNAME -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -cname “sipdir.online.lync.com”)New-AzureRmDnsRecordSet -Zone $dnszone -Name “lyncdiscover” -RecordType CNAME -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -cname “webdir.online.lync.com”)New-AzureRmDnsRecordSet -Zone $dnszone -Name “msoid” -RecordType CNAME -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -cname “clientconfig.microsoftonline-p.net”)New-AzureRmDnsRecordSet -Zone $dnszone -Name “enterpriseregistration” -RecordType CNAME -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -cname “enterpriseregistration.windows.net”)New-AzureRmDnsRecordSet -Zone $dnszone -Name “enterpriseenrollment” -RecordType CNAME -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -cname “enterpriseenrollment.manage.microsoft.com”)## Modifies the existing TXT record$txtrecord = Get-AzureRmDnsRecordSet -Zone $dnszone -Name “@” -RecordType TXTAdd-AzureRmDnsRecordConfig -RecordSet $txtrecord -Value “v=spf1 include:spf.protection.outlook.com -all”Set-AzureRmDnsRecordSet -RecordSet $txtrecord## Create SRV recordsNew-AzureRmDnsRecordSet -Zone $dnszone -Name “_sip._tls” -RecordType SRV -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -Priority 100 -Weight 1 -Port 443 -Target sipdir.online.lync.com)New-AzureRmDnsRecordSet -Zone $dnszone -Name “_sipfederationtls._tcp” -RecordType SRV -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -Priority 100 -Weight 1 -Port 5061 -Target sipfed.online.lync.com)## Set MX record – THIS CHANGES THE MAIL FLOW!#$exchadr = ($zonename -replace “\.”,”-“)$exchadr +=”.mail.protection.outlook.com”$mxrecords = @()$mxrecords = New-AzureRmDnsRecordConfig -Exchange $exchadr -Preference 0New-AzureRmDnsRecordSet -Zone $dnszone -Name “@” -RecordType MX -Ttl $ttl -DnsRecords $mxrecords## This line allows you to select one or several DNS records and delete them from zoneGet-AzureRmDnsRecordSet -Zone $dnszone | Out-GridView -Title “Select record to delete” -OutputMode Multiple | Remove-AzureRmDnsRecordSet#
Per-Torben Sørensen 