Accepted Domains
Manage the email domains that Exchange Online accepts mail for. Accepted domains define which domains are owned by your organization and how Exchange handles mail for those domains.
Warning: Domains must be verified in Microsoft 365 before they can be configured as accepted domains. Use the Domains page to add and verify new domains.
Accepted Domain List
| Column | Description |
|---|---|
| Domain Name | The email domain (e.g., company.com) |
| Domain Type | Authoritative, Internal Relay, or External Relay |
| Default | Whether this is the default domain |
| Initial Domain | The .onmicrosoft.com domain |
| Mailboxes | Count of mailboxes using this domain |
Domain Types
Authoritative
Exchange Online is the only mail system for this domain. All recipients must have mailboxes in Exchange Online. Mail for unknown recipients is rejected with NDR.
- Use when: Domain is fully hosted in Microsoft 365
- Unknown recipients: Rejected (550 5.1.1)
Note: This is the most common domain type.
Internal Relay
Some recipients are in Exchange Online, others are on-premises or in another mail system. Exchange accepts mail and relays to on-premises if no cloud mailbox exists.
- Use when: Hybrid deployment with on-premises Exchange
- Unknown recipients: Relayed to on-premises connector
External Relay
Exchange accepts mail for this domain and relays all mail to an external mail system. No recipients exist in Exchange Online. Rare configuration.
- Use when: Domain is hosted elsewhere, passing through EOP
- All mail: Relayed to external destination
Default Domain
The default domain is used when creating new users if no domain is specified:
- New users get @defaultdomain.com addresses automatically
- Used as the primary SMTP address for new mailboxes
- Shown as the default option in admin portals
- Only one domain can be the default
Note: Set your primary business domain as the default, not the .onmicrosoft.com domain.
Hybrid Considerations
Internal Relay for Hybrid
During hybrid migration, use Internal Relay so Exchange Online can relay mail for on-premises mailboxes not yet migrated.
Post-Migration
After completing migration, change to Authoritative to ensure mail for unknown recipients is properly rejected.
On-Premises Connector
Internal Relay requires an outbound connector to route mail to your on-premises Exchange server for non-cloud recipients.
Initial Domain
Every Microsoft 365 tenant has an initial .onmicrosoft.com domain:
- Cannot be removed or renamed
- Always set as Authoritative
- Used for SharePoint site URLs
- Fallback for service addresses
- Should not be used for user email addresses
Adding a New Domain
- Add Domain in M365 — Add the domain in Microsoft 365 admin center.
- Verify Ownership — Add TXT or MX record to prove domain ownership.
- Configure DNS — Add MX, SPF, DKIM, and DMARC records.
- Set Domain Type — Configure as Authoritative or Internal Relay.
- Assign to Users — Add email addresses using the new domain to users.
DNS Requirements
| Record | Purpose | Required |
|---|---|---|
| MX | Routes mail to Exchange Online | Yes |
| SPF (TXT) | Authorizes EOP to send mail | Yes |
| DKIM (CNAME) | Email signing verification | Yes |
| DMARC (TXT) | Policy for SPF/DKIM failures | Recommended |
| Autodiscover (CNAME) | Outlook auto-configuration | Yes |
API Reference
GET /api/exchange/accepted-domains
List all accepted domains
GET /api/exchange/accepted-domains/:domain
Get domain details
PUT /api/exchange/accepted-domains/:domain/type
Change domain type
PUT /api/exchange/accepted-domains/:domain/default
Set as default domain