![DNS Provisioning Change [MC1048624]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-pawel-l-435199-1186477-1024x683.webp)
Message ID: MC1048624
We’re making some changes to DNS provisioning of A records for all new Accepted Domains provisioned after July 1st, 2025. Between July 1st and August 1st, 2025, we will gradually switch provisioning of all A records for new Accepted Domains into the new subdomains under mx.microsoft.
We are doing this to reduce the friction of adopting DNSSEC in the long run. DNSSEC is a set of extensions to DNS that provides cryptographic verification of DNS records, preventing DNS spoofing and adversary-in-the-middle attacks to DNS.
[How this will affect your organization:]
After August 1st 2025, all A records for new Accepted Domains will be provisioned into the new subdomains under mx.microsoft.
DNS resolution will safely fallback to “plain” DNS if a domain is not DNSSEC enabled. If an Accepted Domain you add to the Exchange Admin Center after July 1st is not secured with DNSSEC at the domain level (ex. contoso.com), then DNS resolution will work as usual. If an Accepted Domain you add to the EAC after July 1st is secured with DNSSEC, then DNSSEC will extend to the mx.microsoft DNS record automatically and you will get the benefits of DNSSEC without having to take any further action. Any issues with DNSSEC can be addressed by disabling DNSSEC for the Accepted Domain (ex. contoso.com) via your DNS provider.
[What you need to do to prepare:]
If you have any automation in place, for example in workflows for Domain Setup, for MX record creation that expects A records for newly provisioned Accepted Domains to be provisioned in mail.protection.outlook.com, this automation needs to be updated by July 1st to use List serviceConfigurationRecords Graph API (List serviceConfigurationRecords). Use List serviceConfigurationRecords to retrieve the mailExchange value for your MX record. After July 1st, List serviceConfigurationRecords Graph API will be the only source of truth for your Accepted Domains’ MX record value. You will not be able to rely on the Accepted Domain’s A record being provisioned in mail.protection.outlook.com after July 1st.
If you are using automation that expects the record to end with mail.protection.outlook.com, when you add a new Accepted Domain to the Exchange Admin Center after July 1st, mail flow may not work upon initial configuration and you will have to update your MX record to match what the Exchange Admin Center says for the domain or use the mailExchange value returned by List serviceConfigurationRecords Graph API.
If you expect this change to cause any issues for your organization, please share that feedback.
Source: Microsoft
![Generative AI capabilities in Microsoft Purview will be transitioning to paid public preview [MC1048612]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-leofallflat-1089194-150x150.webp)
![Changes to Plan Visibility in Planner and Project for the Web ‘Recent’ for Project Apps and Project Online users [MC1048633]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-seatizen-co-170969-557782-150x150.webp)
The upcoming changes to DNS provisioning signal an important step towards enhancing the security and efficiency of our digital infrastructure. For admins, the shift to provisioning A records under the new mx.microsoft subdomains means a bit of a learning curve, especially for those who have automated workflows reliant on the current setup. It’s essential to update any automation processes by July 1st, 2025, to ensure seamless mail flow and prevent any hiccups in domain management. Think of it as a friendly nudge to tidy up your tech toolkit!
For users, the impact may be less direct, but the benefits of enhanced security through DNSSEC are certainly worth mentioning. With cryptographic verification in place, users can enjoy a safer online experience, free from the lurking threats of DNS spoofing and other nefarious activities. It’s like upgrading from a regular lock to a state-of-the-art security system for your digital mailbox!
Overall, while the transition may require some adjustments and updates on the admin side, the long-term benefits for both admins and users are significant. As we embrace these changes, it’s a great opportunity for everyone to engage in discussions about how we can further enhance our security measures.
What are your thoughts on these changes? Do you foresee any challenges in your organization? Let’s hear your experiences and insights! Feel free to drop a comment below. And for more information and resources on this topic, check out additional posts at mwpro.co.uk.