{"id":7711,"date":"2024-05-23T09:56:34","date_gmt":"2024-05-23T01:56:34","guid":{"rendered":"https:\/\/www.jameseduard.com\/?p=7711"},"modified":"2024-05-23T09:56:34","modified_gmt":"2024-05-23T01:56:34","slug":"how-to-add-dkim-and-dmarc-for-onmicrosoft-com-domain-in-microsoft-365","status":"publish","type":"post","link":"https:\/\/www.jameseduard.com\/?p=7711","title":{"rendered":"How to Add DKIM and DMARC for onmicrosoft.com Domain in Microsoft 365"},"content":{"rendered":"\n\n\n<p class=\"wp-block-paragraph\">Ensuring the security and authenticity of your emails is crucial for protecting your organization from phishing and spoofing attacks. DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting &amp; Conformance) are two essential protocols for email security. This guide will walk you through the steps to add DKIM and DMARC for your onmicrosoft.com domain in Microsoft 365.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step-by-Step Guide to Add DKIM and DMARC for onmicrosoft.com Domain in Microsoft 365<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisites<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Before you start, ensure you have the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Admin access to your Microsoft 365 account.<\/li>\n\n\n\n<li>Access to your DNS hosting provider to update DNS records.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Enable DKIM in Microsoft 365<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">1.1 Access the Microsoft 365 Admin Center<\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Open your web browser and go to the <a href=\"https:\/\/admin.microsoft.com\/\">Microsoft 365 Admin Center<\/a>.<\/li>\n\n\n\n<li>Sign in with your admin credentials.<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\">1.2 Navigate to DKIM Settings<\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In the left-hand navigation pane, select <strong>Show all<\/strong> to expand the menu.<\/li>\n\n\n\n<li>Go to <strong>Security<\/strong> and then select <strong>Threat management<\/strong>.<\/li>\n\n\n\n<li>Click on <strong>Policy<\/strong> and choose <strong>DKIM<\/strong> under the <strong>Email authentication<\/strong> section.<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\">1.3 Configure DKIM for your Domain<\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Select your onmicrosoft.com domain from the list.<\/li>\n\n\n\n<li>Click <strong>Enable<\/strong> to start the DKIM configuration process.<\/li>\n\n\n\n<li>Microsoft 365 will prompt you to add CNAME records to your DNS provider. Note down the provided CNAME values.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Add DKIM CNAME Records to Your DNS Provider<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to your DNS hosting provider\u2019s portal.<\/li>\n\n\n\n<li>Navigate to the DNS management section for your onmicrosoft.com domain.<\/li>\n\n\n\n<li>Add two CNAME records using the values provided by Microsoft 365:\n<ul class=\"wp-block-list\">\n<li><strong>Record 1:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Name: <code>selector1._domainkey<\/code><\/li>\n\n\n\n<li>Type: <code>CNAME<\/code><\/li>\n\n\n\n<li>Value: <code>selector1-yourdomain-com._domainkey.yourdomain.onmicrosoft.com<\/code><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Record 2:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Name: <code>selector2._domainkey<\/code><\/li>\n\n\n\n<li>Type: <code>CNAME<\/code><\/li>\n\n\n\n<li>Value: <code>selector2-yourdomain-com._domainkey.yourdomain.onmicrosoft.com<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Save the changes to your DNS records.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Verify and Enable DKIM in Microsoft 365<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Return to the <strong>DKIM<\/strong> settings in the Microsoft 365 Admin Center.<\/li>\n\n\n\n<li>Click <strong>Refresh<\/strong> to check the status of the CNAME records.<\/li>\n\n\n\n<li>Once the records are verified, click <strong>Enable<\/strong> to activate DKIM for your onmicrosoft.com domain.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Configure DMARC for Your Domain<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">4.1 Create a DMARC Record<\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In the DNS management section of your DNS hosting provider, create a new TXT record with the following details:<ul><li><strong>Name<\/strong>: <code>_dmarc<\/code><\/li><li><strong>Type<\/strong>: <code>TXT<\/code><\/li><li><strong>Value<\/strong>: <code>v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com; ruf=mailto:dmarc-failures@yourdomain.com; pct=100; sp=none; aspf=r;<\/code><\/li><\/ul>Replace <code>yourdomain.com<\/code> with your actual domain and modify the email addresses as needed for your reporting preferences.<\/li>\n\n\n\n<li>Save the changes to your DNS records.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Monitor and Adjust DMARC Policy<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Allow some time for the DNS changes to propagate.<\/li>\n\n\n\n<li>Monitor the reports sent to the email addresses specified in the DMARC record.<\/li>\n\n\n\n<li>Based on the reports, adjust your DMARC policy from <code>p=none<\/code> to <code>p=quarantine<\/code> or <code>p=reject<\/code> to enforce stricter handling of unauthenticated emails.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Additional Tips<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Testing<\/strong>: Start with a <code>p=none<\/code> policy to monitor email flow without impacting delivery.<\/li>\n\n\n\n<li><strong>Incremental Enforcement<\/strong>: Gradually move to stricter policies (<code>quarantine<\/code> and <code>reject<\/code>) as you gain confidence in your email authentication setup.<\/li>\n\n\n\n<li><strong>Regular Monitoring<\/strong>: Regularly review DKIM and DMARC reports to ensure ongoing email security.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Conclusion<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">By following these steps, you can enable DKIM and DMARC for your onmicrosoft.com domain in Microsoft 365, enhancing the security and integrity of your organization&#8217;s email communications. If you have any questions or need further assistance, feel free to leave a comment below.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ensuring the security and authenticity of your emails is crucial for protecting your organization from phishing and spoofing attacks. DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting &amp; Conformance) are two essential protocols for email security. This guide will walk you through the steps to add DKIM and DMARC for your onmicrosoft.com domain<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[47,76],"tags":[377,980,981,982,983,984,974,75,985],"class_list":["post-7711","post","type-post","status-publish","format-standard","hentry","category-how-tos","category-microsoft-365","tag-cybersecurity","tag-dkim","tag-dmarc","tag-dns-records","tag-email-authentication","tag-email-security","tag-it-administration","tag-microsoft-365","tag-onmicrosoft-domain"],"_links":{"self":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/7711","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7711"}],"version-history":[{"count":0,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/7711\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7711"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7711"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7711"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}