Setup Microsoft 365 DMARC, DKIM, SPF for Domain Authentication

How to Setup Microsoft 365 DMARC DNS Records?

Email authentication is a set of standards that ensure your emails come from a legitimate source and are safe to open by the recipient. This method prevents your domain from being spoofed and scammed.

Microsoft 365 blocks emails coming from forged senders with the help of email domain validation. Setting up Microsoft DMARC, DKIM, SPF, and other authentication standards can help secure domains and prevent scams.

In this article, we will guide how to setup the Microsoft 365 DNS records for domain authentication and email validation.

Add Domain in Microsoft 365:

1. In Microsoft Admin Center, click Show All.

   

2. Expand the Settings option, go to Domains, and click Add Domain.

   

3. Write down your domain name, click Use This Domain, and hit the Verify button.

   

4. Microsoft server automatically detects your DNS provider and adds the domain ownership record to your DNS dashboard - click Authorize to complete the action.

   

   Your domain is now added to Microsoft 365.

Connect Domain Automatically:

After verifying domain ownership, click Continue and connect the domain by adding Microsoft SPF, DKIM, and MX records to your domain provider.

1. In the Domain tab, click on your custom domain.

   

2. Click the Continue Setup option in the top menu bar.

   

3. Check the boxes for each record you want to add to your DNS dashboard.

4. Click the "Add DNS Records" button.

   

5. Microsoft automatically adds the selected records to your DNS dashboard - click Authorize to confirm your action.

   

6. The green tickmark next to your domain indicates that the setup is now complete.

   

Setup Microsoft 365 SPF Record Manually:

1. Click on the domain name and go to the DNS Records tab.

2. Scroll down to the Microsoft Exchange section and copy the SPF value.

3. Login to your DNS provider and go to the DNS dashboard.

   

4. Click Add Record and select record type TXT.

5. In the Name field, write "@."

6. In the Content field, add the SPF value: v=spf1 include:spf.protection.outlook.com -all.

7. Select TTL 1 Hour and click Save.

   

Merge Multiple SPF Records:

Adding more than one SPF record can cause conflicts and validation errors. If your domain has an existing SPF record from any other source, merge it with Microsoft SPF value.

1. Open the SPF merge tool.

2. Write your domain name and Microsoft 365 SPF value.

3. Click Merge SPF Values and the tool will combine both values.

   

4. Edit your existing record by replacing the previous value with the merged SPF value.

Setup Microsoft 365 DKIM Record Manually:

1. Click the domain name and go to the DNS Records tab.

2. Scroll down to the bottom of the page and there you will have two DKIM records.

   

3. In the DNS provider, select record type CNAME.

4. Copy the record name and paste it into the Name field in the DNS dashboard.

5. Copy the record value and add it to the Target field.

6. Select TTL 1 Hour.

7. Turn off the proxy status and click Save.

   

Setup Microsoft 365 DMARC Record:

When connecting your domain to Microsoft 365, you can utilize the DmarcDkim.com DMARC check tool. It helps you implement a strict policy and gives insights into your email activity. You can sign up at the portal to access the DMARC Reports and Analytics dashboard.

1. Go to DMARC Check Tool.

2. Add your domain name and click Check.

   

3. Copy the Record name and Suggested value and add them to your DNS dashboard.

   

4. Click Sign up now to access the reports dashboard.

For support and assistance, contact a DmarcDkim.com expert.