Domain Health
Monitor the DNS configuration health of your domains. Domain health checks verify that all required DNS records are correctly configured for Microsoft 365 services.
Health Check Status
Each domain is checked for the following DNS records:
| Record | Description | Status |
|---|---|---|
| MX | Email routing to Exchange Online | Configured / Missing |
| SPF | Sender Policy Framework for anti-spoofing | Valid / Invalid / Missing |
| DKIM | DomainKeys Identified Mail signing | Enabled / Not enabled |
| DMARC | Domain-based Message Authentication | Configured / Missing |
Status Indicators
- Configured/Valid — Record is correctly set up and verified
- Not enabled — Record exists but the feature needs to be activated
- Missing — Record has not been added to DNS
Default Domain
The default domain is used when creating new users without specifying a domain:
- New users get UPN suffix of default domain
- Only verified domains can be set as default
- The initial *.onmicrosoft.com domain cannot be default if custom domains exist
- Change default by clicking “Set as Default” on any verified domain
Removing a Domain
Before removing a domain, you must:
- Change UPN suffix of all users from this domain
- Remove all email addresses using this domain
- Delete or rename all groups using this domain
- Remove all SharePoint site collections using this domain
- Delete the domain from M365
Warning: The initial *.onmicrosoft.com domain cannot be removed. It will always remain associated with your tenant.
API Reference
GET /api/identity/domains/:id/health— Check DNS configuration healthGET /api/identity/domains/:id/dns-records— Get required DNS records
Last updated on