Microsoft did separate the Security and Compliance Center into two individual centers. Not only that,…
In the previous article, we did configure permissions in Exchange Hybrid. This time we will look at how to change the MX records to point to Office 365. That way, the mail will arrive first to Office 365, and Exchange Online Protection (EOP) will protect the organization against spam, malware, and other email threats.
Table of contents
When we add a domain in Office 365, it tells us what we should update the domain’s MX records to. That’s for the incoming emails from the internet to be delivered to Exchange Online.
Since this domain adding step occurs before the hybrid configuration is in place, we didn’t touch the MX records at that time. So, normal inbound mail flow to the Exchange on-premises organization will continue interrupted.
Now that we have the hybrid configuration in place with its secure hybrid mail flow, and want to cutover mail flow to Office 365, let’s take that value and update the MX records in the Public DNS zone.
Note: You don’t need to rerun the Hybrid Configuration Wizard after changing the MX records to Office 365 or back to on-premises in a hybrid deployment.
If you did not yet check the previous articles, we recommend you go through them by visiting the course Exchange Hybrid. This will make it easier for you to follow along.
Find Office 365 MX record
In our example, it’s exoip-com.mail.protection.outlook.com.
In the next step, we will sign in the Public DNS and update the MX records to Office 365.
Change MX records to Office 365
Sign in to the domain name registrar. That’s where you have the domain registered. Next, let’s find the MX records. You can have one or more MX records at the moment.
Note: Lower the TTL (Time To Live) on your MX records to a low value, such as 5 minutes or even 1 minute a few days before you plan to make the MX record change. It will ensure that the MX records change takes effect very quickly and that you can switch it back fairly quickly if you need to.
Since hybrid mail flow works with it, whether the mail goes to the on-premises server first or to Office 365 first. Therefore, we are not concerned about TTL and propagation delays in our example.
Remove MX records
Remove the MX records that point to Exchange on-premises. Most of the case the MX records are pointed to the on-premises or cloud spam filter.
Add Office 365 MX records
Add the Office 365 MX records which you copied in the previous step.
In the next step, we will verify the MX records.
Verify Office 365 MX records
It’s always good to verify that the MX records are successfully changed. Let’s look at a couple of examples.
Option 1: MxToolbox
An excellent way to check the MX records is using MxToolbox MX Lookup. Fill in the domain and click on MX Lookup.
Option 2: WhatsMyDNS
We can use WhatsMyDNS to query the DNS record globally and confirm that the update takes effect. Fill in the domain and select the MX type from the dropdown menu. After that, click Search.
Option 3: Message Header Analyzer
Another way is to send an email from an Exchange Online mailbox to an external recipient. For example, a test user that uses a Gmail account. After the user receives the email, reply to the email.
In our example, we sent an email from Richard’s Exchange Online mailbox to a Gmail account. After the Gmail user received the mail, we did reply from the Gmail account to Richard’s.
If the MX record change is working, that email should deliver directly to Exchange Online and into the user mailbox. If the mailbox has not worked yet, it would still reach the user mailbox, but it will go by the Exchange on-premises server first since that’s where the MX records used to point too.
Check the message header and use the Microsoft Message Header Analyzer to check which path the email did take. Confirm that the email did deliver straight from Google to Exchange Online.
The MX records change has taken effect, and inbound internet email now goes through Office 365 first.
In the next article, we will configure outbound mail via Office 365.
We showed how to update MX records to Office 365. It’s essential to adjust the TTL (Time To Live) to 5 minutes or less a couple of days before changing the MX records to Office 365. It will propagate the DNS changes faster. After that, update the MX records to Office 365. Lastly, verify that the Office 365 MX records are active and that incoming mail flow goes through Office 365 first.
Did you enjoy this article? You may also like Verify DNS SRV records for Office 365. Don’t forget to follow us and share this article.