Accepted Domains - Authoritative or Internal


Start course
1h 44m

Microsoft 365 represents a combination of Office 365, Windows 10 and Enterprise Mobility offerings – providing the most complete set of SaaS technologies that Microsoft has to offer. With Microsoft 365, organizations can deploy a complete solution encompassing both devices and applications, along with applying security and compliance policies to protect the entire suite.

This course will help you as you plan your deployment of Microsoft 365, along with configuring and managing your tenant once it’s deployed. It also covers setting up and managing a Microsoft 365 subscription for an enterprise – including managing identities, security, compliance and the supporting technologies in the Microsoft 365 stack.

This course focuses mainly on setting up and managing a Microsoft 365 tenant – including the process for setting up a trial tenant, adding your own domains, and converting your tenant beyond the trial to a fully functional production environment. Now, these steps can seem to be very easy – just click a few options, answer a few questions, and you’re done. In fact, it is that easy! However, if you’re not aware of the big picture and asking some important questions along the way, you can end up painting yourself into a corner and causing problems down the road. At best, you might need to redo some things, at worst, you leave yourself with problems on your hands that might be difficult to sort out later.

After you’re set up, we’ll move on to talking about some of the things you need to consider in your day to day monitoring and management of your Microsoft 365 Tenant and the services that make it up. We’re also going to run through a few demos – showing you some of the practical steps involved, along with some tips and tricks we’ve picked up along the way.

Learning Objectives

  • Set up a new Microsoft 365 tenant and subscription
  • Add domains to the tenant and configure them for the various service offerings
  • Perform the day to day management of your users, including managing user accounts and license assignment
  • Know how to monitor the various services in your M365 tenant and have a plan in place to respond to service alerts and manage service requests

Intended Audience

This course is intended for people who:

  • Want to become a Microsoft 365 administrator
  • Are preparing to take the Microsoft’s MS-100 exam


To get the most from this course, you should have a general understanding of networking & server administration as well as IT fundamentals such as DNS, Active Directory and PowerShell.


Ever since Exchange 2007, we've had this concept of accepted domains in our Exchange organizations and there can be three types: authoritative, internal relay, and external relay. Let's break that down quickly so you know what you need to consider when you're adding your domains to Exchange Online. 

An authoritative domain, is a domain that your Exchange organization hosts all the mailboxes for, any email that gets sent to a mailbox, mail user, or contact that Exchange, doesn't know about will be rejected. You can have multiple authoritative domains, and this is the default setting when you add a domain in Microsoft 365. It gets configured in Exchange Online as authoritative for that domain and Exchange Online expects to be the only organization with those mailboxes. Even in a hybrid scenario, Exchange Online is aware of your on-premises mailboxes, and the Exchange hybrid will configure running inbetween the two so everything will still work as intended. 

An internal relay domain, is an email domain, where Exchange holds some, but not all of the mailboxes for that domain. This means that if Exchange Online doesn't recognize the recipient of an email that it receives, it will forward that email on to your other mail server rather than rejecting it. When an email comes in that Exchange Online is not hosting, it will look to see if it has the send connector configured for that domain, and route the email through it. If you haven't configured a specific connector for this domain, Exchange will simply route the email out through the internet and allow the MX records to do the routing. It's important to note that you don't need to configure a specific connector when your domain is an internal relay domain. But if you change your MX records to point to Exchange online already, then you'll need a connector set up to route to your external mail host. If you don't do this step it will create a mail loop and the email will not be delivered. This is important to remember if you're configuring Office 365 to co-exist, with a migration from a third-party hosting provider like Google Mail, or even a third-party hosted Exchange system, that you won't be able to configure an Exchange hybrid connection to. This scenario is sometimes considered a shared SNTP namespace. The third type of domain is an external relay, and it is typically used when an Exchange server will receive email for a domain, but doesn't host any of the mail boxes. 

In this scenario, Exchange will simply route all email it receives to the authoritative Exchange servers. This type of domain is used primarily by ISPs, or when you're configuring Edge Transport servers on your internal Exchange organization. While it's good to know when, and where this option will come up, all you really need to keep in mind is that you can't configure domains for external relay in Exchange Online. The only two options available to you are authoritative and internal relay.

About the Author

Jeremy Dahl is a Senior Technology Consultant who has spent the last 8 years focusing on Microsoft 365 technologies and has been an Office 365 MVP for the last 6 years. Jeremy is a self-proclaimed cloud addict who architects technology solutions that combine cloud technologies with on-premises solutions, allowing organizations to make the most of their existing infrastructure while still taking full advantage of the agility and scalability of what the cloud has to offer.

Jeremy can be found blogging about Microsoft 365 technologies on his website,, and evangelizing the Microsoft cloud on Twitter.