To configure an Azure custom domain for email, you'll need to set up a TXT record with your domain registrar. This is a one-time process that involves adding a specific record to your domain's DNS settings.
The TXT record is how Azure verifies that you own the domain.
To start, navigate to the Azure portal and select your Azure account. From there, click on the "Custom domains" tab and select the domain you want to configure.
Once you've selected your domain, click on the "Add a TXT record" button and enter the required information. This includes the record name, type, and value, which can be found in the Azure portal under the "Custom domains" tab.
Setting Up
To set up an Azure custom domain, you provision it by verifying ownership through a TXT record in your DNS. Adding that TXT record is the first step, and the rest of the configuration depends on it.
To create a Domain resource, sign in to Azure CLI using the az login command and provide your credentials.
When creating a Domain resource, you'll need to specify the resource group name, Email Communication Service name, resource name, and DomainManagement property.
You can configure your Domain resource with the following options: the resource group, the name of the Email Communication Service resource, the geography the resource will be associated with, the name of the Domain resource, and the value of the Domain management property.
To create the Domain resource, run the az communication email domain create command in the Azure CLI, specifying the required options.
Here are the options you can configure when creating a Domain resource:
Once you've created the Domain resource, you can assign tags to organize your resources and update user engagement tracking.
Domain Configuration
To configure sender authentication for your custom domain, you'll need to add specific Domain Name Service (DNS) records. This process can be a bit tricky, but Azure Communication Services provides records for you to add to your DNS.
There are four different methods for adding these records to the DNS, depending on the level of the zone where you're adding the records. You can find the required records for your custom domain in the Azure portal, which will assume you're adding them to the DNS in that zone.
Here are the specific records you'll need to add for a custom domain like sales.us.notification.azurecommtest.net:
These records may need to be adjusted depending on the level of the zone where you're adding them.
Configure Sender Authentication
Configuring sender authentication is a crucial step in setting up your custom domain. You need to add Domain Name Service (DNS) records to your domain's zone.
To add these records, you'll need to create four different types of records: SPF, DKIM, DKIM2, and another DKIM record. Each type of record has a specific name, type, and value.
The records generated by the portal assume you're adding them to the DNS in the zone sales.us.notification.azurecommtest.net. However, depending on the level of the zone, you may need to add the records to a different zone or make changes to the automatically generated records.
Here are the specific records you'll need to create:
You can also add records to different zones, such as us.notification.azurecommtest.net and sales.us.notification.azurecommtest.net. Each zone will have its own set of record names, but the values will be the same.
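How the record names change with the hosting zone, as an added example (not code from the original page or from Microsoft's tooling). The function names and the ownership-verification placeholder are assumptions; the SPF value and DKIM selectors are the ones quoted on this page.

```python
# Added example: record names relative to the DNS zone that hosts them.
SPF_VALUE = "v=spf1 include:spf.protection.outlook.com -all"  # quoted on the page
DKIM_SELECTORS = ("selector1-azurecomm-prod-net", "selector2-azurecomm-prod-net")
DKIM_TARGET_SUFFIX = "._domainkey.azurecomm.net"
VERIFY_PLACEHOLDER = "<ownership-verification-value-from-portal>"  # placeholder


def relative_label(custom_domain: str, zone: str) -> str:
    """Return the part of custom_domain below zone ('' if they are equal)."""
    domain = custom_domain.lower().rstrip(".")
    zone = zone.lower().rstrip(".")
    if domain == zone:
        return ""
    if not domain.endswith("." + zone):
        raise ValueError(f"{custom_domain} is not inside zone {zone}")
    return domain[: -(len(zone) + 1)]


def records_for_zone(custom_domain: str, zone: str):
    """List (name, type, value) tuples as they must be entered in `zone`."""
    rel = relative_label(custom_domain, zone)
    apex = rel or "@"  # "@" is the zone apex; otherwise use the relative label
    records = [
        (apex, "TXT", VERIFY_PLACEHOLDER),
        (apex, "TXT", SPF_VALUE),
    ]
    for sel in DKIM_SELECTORS:
        name = f"{sel}._domainkey" + (f".{rel}" if rel else "")
        records.append((name, "CNAME", sel + DKIM_TARGET_SUFFIX))
    return records


if __name__ == "__main__":
    domain = "sales.us.notification.azurecommtest.net"
    for zone in (domain, "us.notification.azurecommtest.net"):
        print(f"zone {zone}")
        for rec in records_for_zone(domain, zone):
            print("   ", *rec)
```

A record entered with the wrong relative name lands on a different host name than the one Azure checks, so the domain stays unverified even though the record exists.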
Managed Compared to Custom Domains
Managed domains are quick and easy to set up, requiring no domain verification. This is a big plus for those who want to get started fast.
Custom domains, on the other hand, require verification of domain records, which can be a longer process.
One of the main benefits of managed domains is that setup is a breeze. However, this convenience comes with some limitations. For example, sender domain isn't personalized and can't be changed.
In contrast, custom domains allow for personalized sender usernames, which can be a nice touch for businesses that want to brand their emails.
However, managed domains have some restrictions, including limited sending volume and the inability to enable User Engagement Tracking. Custom domains, while more flexible, require a bit more effort to set up.
Here's a summary of the key differences:
Verification and Validation
To verify your custom domain in Azure, you need to add a TXT record in your DNS. This process can take anywhere from 15 to 30 minutes to take effect.
You can verify domain ownership by adding a TXT record to your domain's registrar or DNS hosting provider. Refer to the TXT records section for information on how to add a TXT record for your DNS provider.
To cancel domain verification, you can run a specific command. However, this is not explicitly mentioned in the instructions.
DNS changes require 15 to 30 minutes to take effect, so be patient and don't rush the verification process.
To verify that your custom domain is correctly referenced to your endpoint, ensure that your application content is being served by using a browser.
You can delete the TXT record after your custom domain is validated and configured in App Service.
Here are the steps to create the TXT record:
- Use the following command to create the TXT record: [insert command here]
- Specify the TXT record for the verification step only, as it does not require an A or CNAME record.
After verifying your custom domain, you can add your SPF and DKIM records to authenticate your domains.
Here's a summary of the verification process:
- Add a TXT record to your DNS
- Verify that the TXT record was successfully created in your DNS
- Wait for 15 to 30 minutes for the DNS changes to take effect
- Verify that your custom domain is correctly referenced to your endpoint
DNS Configuration
To configure sender authentication for your custom domain, you'll need to add DNS records to your domain's DNS zone. This process can be a bit tricky, but don't worry, I'll walk you through it.
You'll need to add TXT, SPF, and DKIM records to your DNS zone. These records will help verify that you own the custom domain and ensure that your emails are sent from a trusted source.
To add SPF records, you'll need to create a TXT record with the value "v=spf1 include:spf.protection.outlook.com -all". This record will specify which servers are allowed to send emails on behalf of your domain.
DKIM records are also essential for sender authentication. You'll need to create two CNAME records named "selector1-azurecomm-prod-net._domainkey" and "selector2-azurecomm-prod-net._domainkey", pointing to "selector1-azurecomm-prod-net._domainkey.azurecomm.net" and "selector2-azurecomm-prod-net._domainkey.azurecomm.net" respectively.
The good news is that Azure Communication Services provides pre-generated records for you to add to your DNS zone. However, you'll need to adjust these records depending on whether your domain is a root domain or a subdomain.
Here's a table to help you understand the different record types and their corresponding values:
Remember to use your own values from the Azure portal instead of the examples provided. This will ensure that your DNS records are correctly configured for your custom domain.
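A check of the SPF and DKIM records described above, as an added example (not code from the original page or from Azure). The function name and the sample records are constructed; the expected values are the ones quoted on this page, so substitute your own values from the portal.

```python
# Added example: audit SPF and DKIM records for one custom domain.
EXPECTED_INCLUDE = "include:spf.protection.outlook.com"  # value quoted on the page
SELECTORS = ("selector1-azurecomm-prod-net", "selector2-azurecomm-prod-net")


def audit_sender_auth(records):
    """records: (name, type, value) tuples, names relative to the custom domain.
    Returns a list of findings; an empty list means nothing was flagged."""
    findings = []
    spf = [v.lower().split() for n, t, v in records
           if n == "@" and t == "TXT" and v.lower().startswith("v=spf1")]
    if len(spf) != 1:
        # Receivers treat several v=spf1 records on one name as a permanent error.
        findings.append(f"expected exactly 1 SPF record, found {len(spf)}")
    for terms in spf:
        if EXPECTED_INCLUDE not in terms:
            findings.append("SPF lacks " + EXPECTED_INCLUDE)
        if terms[-1] != "-all":
            findings.append(f"SPF ends with {terms[-1]} instead of -all")
    cnames = {n.lower(): v.lower().rstrip(".") for n, t, v in records if t == "CNAME"}
    for sel in SELECTORS:
        name, target = f"{sel}._domainkey", f"{sel}._domainkey.azurecomm.net"
        if cnames.get(name) != target:
            findings.append(f"DKIM CNAME {name} -> {cnames.get(name)}, expected {target}")
    return findings


# Constructed sample records (not real DNS answers).
GOOD = [
    ("@", "TXT", "v=spf1 include:spf.protection.outlook.com -all"),
    ("selector1-azurecomm-prod-net._domainkey", "CNAME",
     "selector1-azurecomm-prod-net._domainkey.azurecomm.net."),
    ("selector2-azurecomm-prod-net._domainkey", "CNAME",
     "selector2-azurecomm-prod-net._domainkey.azurecomm.net"),
]
BAD = [
    ("@", "TXT", "v=spf1 include:spf.protection.outlook.com ~all"),  # softfail
    ("@", "TXT", "v=spf1 include:_spf.example.net -all"),            # second SPF
    ("selector1-azurecomm-prod-net._domainkey", "CNAME", "selector1.example.net"),
]

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_sender_auth(sample) or "ok")
```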
Frequently Asked Questions
Does Azure have a domain registrar?
No, Azure DNS does not offer a domain registrar service. Instead, you can use a third-party registrar to buy domain names and then host them in Azure DNS.
What is custom DNS in Azure?
Custom DNS in Azure allows you to use your own domain name instead of Azure-provided names, giving you more control over your virtual network architecture. This flexibility helps tailor your network to your organization's specific needs.
How do I setup a custom DNS in Azure?
To set up a custom DNS in Azure, navigate to your Function App, DNS Zone, and Custom domains, and follow the steps to add a CNAME record. This process involves a few simple clicks and entries to validate your custom domain.
How do I change my domain name in Azure?
You can't change the initial .onmicrosoft.com domain, but you can add a custom domain and set it as the default domain in Azure. To change your domain name, you'll need to add a custom domain to your Azure subscription.