For as long as I can remember the domains tab in the Microsoft 365 Administration Center for GCC-High tenants was intentionally hidden. I have previously written this article highlighting this and explaining the background -> Microsoft 365 GCC High Tenants and Missing Domains | TIMMCMIC.
Now that the domains tab is present administrators have access to the proper and accurate DNS records associated with the domains successfully verified in the tenant. One thing that Microsoft 365 administrators are noting is that the DNS records recommended do not match the previous documentation published here -> Domain Name System (DNS) records for Office 365 Government Community Cloud (GCC) High – Microsoft 365 Enterprise | Microsoft Learn. Administrators are noting differences in the MX records and enterprise enrollment cnames.
In our prior guidance administrators had to calculate the MX record manually for GCC High adoption. This process was simplified to take the onmicrosoft.us domain name prefix and append it to the known suffix for Exchange Online. This same MX record would then be utilized for all domains registered in the GCC High tenant. With the presence of the domains tab the MX records are now calculated in the same fashion as commercial tenants. This format follows domain-com.mail.protection.office365.us. For existing tenants, it is not a requirement to update or change the MX records as this time. For new tenants, I would recommend following the format displayed in the Microsoft 365 Admin Center.
Our prior guidance for DNS records also did not address enterprise enrollment and automatic Intune discovery. Administrators would have had to refer to separate documentation for the correct CNAME records for enterprise enrollment. This CNAME record is now included automatically in the domains tab – dns records display.
In addition to the domains tab now being present, accurate records are returned by the Microsoft Graph command to enumerate DNS records. Get-MgDomainServiceConfigurationRecord (Microsoft.Graph.Identity.DirectoryManagement) | Microsoft Learn (Get-MgDomainServiceConfigurationRecord (Microsoft.Graph.Identity.DirectoryManagement) | Microsoft Learn) will enumerate DNS records for you. It’s important to note that some records enumerated have been deprecated such as the MSOID record.