Microsoft Office 365 requires special configuration actions outside of Authenticate. Please follow these steps to complete configuration for Microsoft Office 365, and then return to your automation-guided task list in Authenticate.


1. Make sure you have added Microsoft Office 365 as an 'Approved Sender' in Authenticate for the domain you are configuring it for.


Note: If Microsoft Office 365 has not been approved, please do so now by following the steps below.


  1. From the Senders section, click on '+ ADD SENDER FOR [your domain]'. 
  2. Choose 'Microsoft Office 365' from the Service Name drop-down, and click 'ADD'. 


2. Enable DKIM signing for your custom domain. This can be done from the Microsoft Office 365 Exchange admin center, or through PowerShell. Below you will find the steps for the Classic and the New Exchange admin center, as well as the commands to enable DKIM signing trough PowerShell:


If you're using the 'Classic Exchange admin center', follow these steps:
 

  1. Sign in to Microsoft Office 365 with your admin account.
  2. Select the app launcher icon in the upper-left and choose 'Admin'.


  3. In the lower-left navigation, expand 'Admin' and choose 'Exchange'. 
  4. Go to 'protection' > 'dkim'.


  5. Select the domain for which you want to enable DKIM and then, for Sign messages for this domain with DKIM signatures, choose 'Enable'.


Note: If the DKIM keys have not been properly published, you will see an error similar to the one below:


If you see this error when enabling the DKIM in Microsoft Office 365, remove any existing selector1 and selector2 DKIM keys in Authenticate and add new ones based on the error message. Note that these DKIM keys must be added as CNAME Type as shown below:



Here's a detailed guide on how to publish and manage DKIM keys in Authenticate: DKIM Key Management in Authenticate


Once the proper set of DKIM keys have been added in Valimail, go back to the step 2e in order to enable DKIM from the Microsoft Office 365 admin center.


If you're using the 'New Exchange admin center', follow these steps: 


  1. Sign in to Microsoft Office 365 with your admin account.
  2. Select the app launcher icon in the upper-left and choose 'Compliance'.


  3. In the lower-left navigation, choose 'More resources', and click on Open under 'Office 365 security & compliance'.


  4. Go to 'Threat management' > 'Policy' > 'DKIM'.


  5. Select the domain for which you want to enable DKIM and then, for Sign messages for this domain with DKIM signatures, choose 'Enable'.




Publish the two CNAME records and enable DKIM signing for your custom domain by using PowerShell.


  1. Connect to Exchange Online PowerShell. For more information about this step, use the guide here
  2. Run the following commands to create the selector records where the domain is the name of the custom domain that you want to enable DKIM signing for.

    New-DkimSigningConfig -DomainName <domain> -Enabled $false
    Get-DkimSigningConfig -Identity <domain> | Format-List Selector1CNAME, Selector2CNAME

  3. Add the DKIM keys in Authenticate following this guide Adding a DKIM Key in Valimail. The selectors will always be 'selector1' and 'selector2'.

  4. Enable DKIM signing by running this command in PowerShell where <domain> is the name of the custom domain that you want to enable DKIM signing for.

    Set-DkimSigningConfig -Identity <domain> -Enabled $true

     

  5. For example, for the domain exampleesp.com:

    Set-DkimSigningConfig -Identity exampleesp.com -Enabled $true



    3. Once you’ve completed these steps, you can begin sending authenticated email using Microsoft Office 365