This is topic is in progress.  Please help us by offering feedback and suggestions.

Office 365 for professionals and small businesses: Simple Domain Sharing for Email

Goals

Margie's Travel is comprised of 5 employees.  Margie and her husband, Mike, want to start using the advanced features offered by Office 365 to take advantage of the fact that they need to keep an eye on the business from their mobile devices.  At the present time, all 5 employees have their email hosted by A. Datum Corporation, who hosts their website and provides basic IMAP-based email.  All contacts, tasks, and calendaring is done locally on Outlook, as they have no Exchange server today.  Although Margie expects her other 3 employees may want to move to Office 365 at some point, for the moment, she wants to begin using it with her husband before they decide to move everyone to the cloud.  She wants no impact to her customers, that is, she doesn’t want to change email addresses.

Starting configuration:

Domain

margiestravel.com

DNS Name Servers

dns1.adatum.com,

dns2.adatum.com

MX record

preference = 10, mail exchanger = mailserver.adatum.com

SPF record

“v=spf1 mx include:adatum.com ~all”

Mailbox

Email Address

Primary Location

Margie

margie@margiestravel.com

ADATUM IMAP

Mike

mike@margiestravel.com

ADATUM IMAP

Sue

sue@margiestravel.com

ADATUM IMAP

Sally

sally@margiestravel.com

ADATUM IMAP

Scott

scott@margiestravel.com

ADATUM IMAP

Desired configuration:

Domain

margiestravel.com

DNS Name Servers

dns1.adatum.com,

dns2.adatum.com

MX record

preference = 10, mail exchanger = mailserver.adatum.com

SPF record

“v=spf1 mx include:adatum.com include:outlook.com ~all”

Mailbox

Email Address

Primary Location

Margie

margie@margiestravel.com

Office 365

Mike

mike@margiestravel.com

Office 365

Sue

sue@margiestravel.com

ADATUM IMAP

Sally

sally@margiestravel.com

ADATUM IMAP

Scott

scott@margiestravel.com

ADATUM IMAP

Before you begin

There are a few things to point out before proceeding. First of all, while this approach may work with Office 365 Enterprise, the preferred approach for those customers is to make use of the recommended Hybrid configuration tools. In order to make use of certain functionality (for example, free-busy sharing, secure mail, GAL synchronization, single management, single sign on, etc.), DirSync is required.  In this case, however, since there are only 5 employee mailboxes, Margie won’t have to do too much ongoing administration.  Sue, Sally, and Scott do not use their calendars much today (other than for keeping their own personal schedules), and their mailboxes are hosted on an IMAP server that does not support these features, so this simple solution is perfect for their needs.  In addition, when the decision is made to move Sue, Sally, and Scott to Office 365, all of them will be manually moved at one time.

The next thing to note is that this will not work if the ADATUM mail server does not support forwarding for Margie and Mike.  Although the server does not need to keep a copy, it will need to forward all messages to Office 365 as the MX record still points to A. Datum in this scenario.  Most mail servers will support this functionality in some way – contact your current email provider for exact steps.
Finally, Office 365 has anti-spam protection provided by Forefront Online Protection for Exchange (FOPE).  If FOPE detects a lot of spam being forwarded by the ADATUM mail server, it may potentially block the A. Datum server, which could break the scenario and require a support call to fix.  With the current version of Office 365 Professional, there is no way to “safe list” the A. Datum server.  Margie and Mike are pretty confident in the spam protection that ADATUM provides today, however, so they are able to continue with this configuration.

Step by step guide

Step 1: Verify that you own the domain you want to use

  1. Login to Office 365.  When signing up for Office 365, it is suggested to create a generic administrative account for getting started (in other words, create an account similar to admin@margiestravel.onmicrosoft.com).  This will make the rest of the process easier to follow.
  2. Click Admin at the top.
  3. Click Domains under Management.
  4. Click Add a Domain.
  5. Type the domain (e.g., margiestravel.com) and click Check Domain.
  6. Verify that the domain information looks correct, noting the DNS registrar, and click Next.
  7. Follow the instructions to add a TXT record to show that you own the domain.  You should not use the MX record method.  If your DNS provider does not support TXT records, then you may want to consider a different DNS provider.
  8. Click Verify (note that this may take a few minutes, depending on your DNS provider).
  9. When verifation completes, you will be asked to modify your DNS name server records. DO NOT modify the Name Server records, simply click Cancel.

Step 2: Mark the domain as shared in Exchange Online

  1. Login to Office 365.
  2. Click Admin at the top.
  3. Under Outlook, click General settings.  This will take you to Exchange Control Panel (ECP).
  4. In ECP, click Mail Control.
  5. Under Domains & Protection, double-click the domain you want to modify (e.g. margiestravel.com)
  6. In the pop-up window, change the Domain Type from Hosted to Shared.
  7. Click Save.  This setting may require a few minutes to take effect.

Step 3: Create accounts & set primary (reply-to) address

  1. Login to Office 365.
  2. Click Admin at the top.
  3. Click Users under Management.
  4. Follow the directions to create the user accounts.  In this example, we are creating accounts for Margie and Mike.  Ideally, the User name field should match the email address.  Pay particular attention to whether or not you would like to assign administrator permissions.
  5. Verify the primary email address (full user name) by clicking on Properties for each user.  You may need to modify the domain portion of the user principle name (e.g. @margiestravel.com).  Note that you will not be able to modify the domain portion for the administrator who is currently logged in.  Instead, you can simply create a temporary account for administration purposes (for example, you will have 3 accounts: 
    - admin@margiestravel.onmicrosoft.com (there is no need to change the domain for this account)
    - margie@margiestravel.com
    - mike@margiestravel.com
    If you did not setup a generic administrator account earlier, and need to modify the account that you are already logged into, you will simply need to create an additional administrator and login to that account in order to change the first account’s domain name.
    If you open the properties for Margie & Mike in ECP, you’ll also notice that the @margiestravel.onmicrosoft.com address remains as an additional SMTP address.
  6. If you need to modify any user settings, be sure to click Save.

Step 4: Update SPF & other DNS records

If you already have a Sender Policy Framework (SPF) record, then the simplest thing you can do is add "include:outlook.com" to the current TXT record, similar to the example in the "Desired configuration" table above.

If you don't have an SPF record, you probably should go ahead and create one now.  SPF records are increasingly crucial when mail servers not associated with your domain send mail on your behalf, like Office 365 will be doing in this configuration (the MX records will still point to the old server).

There are wizards that can help you create a proper SPF record, but at a minimum you want the IP/DNS entry for your current email provider, plus "include:outlook.com" to authorize Office 365.

In addition, while logged in to your DNS provider, you may want to go ahead and create additional required Office 365 records.

Step 5: Test mail flow

  1. Login to Outlook Web App (OWA) using Margie’s credentials.  The URL is https://outlook.com/owa/office365.com
  2. Perform the following tests:
    • Send an email to Mike (mike@margiestravel.com).  The email should be delivered immediately.  In this scenario, the message will NOT first route to Mike’s mailbox on ADATUM because Office 365 sees the mailbox as being local
    • Send an email to Sue.  The email should be delivered to Sue’s mailbox on the ADATUM server.
    • From an outside account, or from Sue’s ADATUM account, verify that forwarding is setup properly on ADATUM server.  For example, send Margie an email from a Hotmail account and make sure it arrives in Margie’s Office 365 mailbox.

Step 6: Configure forwarding from old mail provider

Although the server does not need to keep a copy, it will need to forward all messages to Office 365 as the MX record still points to A. Datum in this scenario.  Most servers will support this functionality in some way – contact your current email provider for the exact steps.
Because @margiestravel.com is being used by the ADATUM server, you will need to setup forwarding to the onmicrosoft.com domain that was provided at signup, for example, @margiestravel.onmicrosoft.com.

To do: add/linke sample forward instructions for common mail providers

Step 7: Move mailbox contents

Since there are only two users to move, and since Margie and Mike are both using Outlook today, the email can simply be moved by opening the old .PST file in the new Outlook profile and copying the messages, calendar items, contacts, etc.  One pushed to the proper locations in the Office 365 mailbox, the items can all be accessed from any device, anywhere.

When more mailboxes are involved -- and particularly when the employees are not already using Outlook -- you may wish to consider the Simple Migration tools available in Exchange Control Panel.

For all mailbox migration options and considerations see the E-Mail Migration Overview.