You need to be able to add your Microsoft "" domain to the Cloud Service for Email


Article ID: 206244


Updated On:


Data Loss Prevention Cloud Service for Email Data Loss Prevention Cloud Package


You are using the DLP Cloud Service for Email and need to add your Microsoft administrative domain (i.e., "") to the listed of Validated Domains for your Detector.

You need to know how to get the required TXT record for this domain updated, since you don't own the "" domain.



In order to add any domains to the DLP configuration, you need to be able to add a specific domain validation code as a TXT record for the domain.




Release : 15.7

Component :

This solution is only required if both of the following are true:

  1. You are using the DLP Cloud Service for Email in O365 Reflecting mode (message sent back to O365 after DLP inspection is complete).
  2. You have set "" (instead of "") as the primary domain in O365 Admin Center.


Using the O365 Admin Center, it is possible to add a specific TXT record as a "Custom" record for your domain.

  1. Login as an O365 Admin, and go to Domains > (choose the domain) > DNS records.
  2. Click "+Add record" to create a new Custom record.
  3. For "Name" enter an "@" symbol.
  4. The "value" should be your domainValidationCode as found in the Welcome Email for the Cloud Service for Email (it's also visible for the Detector entry in the Enforce Service UI).
  5. The TTL should be 1 Hour.

On saving the changes, wait for DNS to populate the update. This can be checked via NSLOOKUP of the TXT record, as we as via the website.