Introduction
This document describes the use of Autodiscover domains for the proper functionality of certain Microsoft applications.
Explanation
When using Microsoft Autodiscover, typically the DNS record for your Autodiscover domain is a CNAME record to Microsoft's servers. To ensure uninterrupted Autodiscover capabilities, ensure that these domains are not blocked on your network or are permitted by adding it to the Global Allow List:
- outlook.com (Webmail - but can change)
- autodiscover.outlook.com.glbdns.microsoft.com (Software/Technology, Business Services, Webmail - but can change)
You might also have to add these domains to your Global Allow List as well:
- outlook.office.com
- outlook.office365.com
- smtp.office365.com
For geolocation purposes, we recommend adding the domain outlook.com, as Microsoft has numerous subdomains utilized (https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide).
When using Office365 Hybrid mode, outlook.com must be on the internal domains list as well as on the allow list if you are blocking technology or mail categories. When activating forwarding to Umbrella, if SMTP errors ensue, ensure the relay server is routing out of the right connector.
Using Autodiscover with Virtual Appliances
If you experience Autodiscover failure, you might need to add the Autodiscover address to the internal domains list. To do so, reference our guide here.
Using Autodiscover with Roaming Clients
When using Autodiscover with Roaming Clients, please ensure that your Autodiscover domain is added to the internal domains list as explained here.
Feedback