I’m at an airlift here in Redmond for the new Microsoft Online Services (MOS), Microsoft’s hosted services platform. Right now, MOS offers a combination of hosted Exchange (OWA, Outlook, and even EAS!), hosted SharePoint, and Live Meeting. We’ve just gone through an overview of the service, and it looks cool — enough so that I’m now seriously considering switching my personal domains over to it (especially since they offer the ability to synchronize with your Active Directory deployment).
MOS is currently in beta and you can go sign up for a time-limited trial. There’s only a certain number of trial accounts active at any given time, so your trial request may not be provisioned immediately; however, you can go to https://mocp.microsoftonline.com and sign up for one. You’ll need a Windows Live account.
As you might imagine, MOS allows you to associate one or more DNS domains with your online account. When you register for your account, you’re asked for a domain. This domain is not verified and, in fact, seems to be used simply as an internal administrative tag — once your account and service is set up, you have to specifically add DNS domains. Adding them is a fairly simple process:
- Register your domain name with a registrar.
- Provision your domain with a DNS provider (often combined with step 1).
- Add the domain name to your MOS Admin Center.
- Run the verification wizard and add the auto-generated CNAME to your domain’s DNS zone.
- Validate the domain in the MOS Admin Center.
- Start provisioning users with this domain, enable inbound e-mail on this domain, etc.
The verfication step is an important piece, because this helps MOS make sure that you’re using a domain you’re actually in control of. Otherwise, malicious people could sign in and hijack your domain, which would suck. The way Microsoft does this is actually simple and elegant: they generate a unique CNAME record (that looks very much like a GUID), and ask you to add this CNAME record, pointing back to a server under their control, to your zone. This has lots of advantages:
- It’s pragmatic. If you can add a CNAME record to a zone file, you effectively control the domain.
- It avoids the nastiness that can result in WHOIS-based verification and allows people who register domains to continue using proxy companies, hiding their personal info from WHOIS spammers.
- It’s relatively easy. You simply have to add a simple record to your DNS; if you can’t do this (or your DNS hoster can’t do it for you), then you have much bigger problems managing your DNS and verifying your DNS domain under MOS is the least of your problems.
- It’s low-impact. The generated CNAME is highly unlikely to be queried during normal operations by your users; only MOS is likely to be looking for it. It doesn’t require you to repoint your MX records or otherwise make major modifications to your infrastructure if all you want to do is start using online SharePoint and Live Meeting.
Note that just because you add a domain to MOS doesn’t mean you have to use it for email! That’s a separate operation, which is a two-step process of enabling inbound email for that domain and then updating your MX records appropriately.
More on other MOS functionality coming later…big thanks to the event staff for their kind permission for me to blog!