Knowledge Base

How to Enable DKIM Records in Microsoft 365?

Enabling DKIM (DomainKeys Identified Mail) in Microsoft 365 is a key step in protecting your domain against spoofing and phishing. Here’s a step-by-step guide on how to enable DKIM in the Microsoft 365 admin center:

Step 1: Sign In to Microsoft 365 Admin Center

• Go to: https://admin.microsoft.com
• Sign in with your admin credentials.

Step 2: Open Microsoft Defender Portal

DKIM settings are managed in Microsoft Defender:

1. Navigate to: https://security.microsoft.com
2. In the left-hand menu, click “Email & collaboration”.
3. Select “Policies & rules” > “Threat policies”.
4. Under “Policies”, choose “DKIM”.

Step 3: Select Your Domain

• You’ll see a list of domains.
• Click on the domain you want to configure DKIM for.

Step 4: Add CNAME Records to DNS (if not already done)

Before enabling DKIM, you need to add two CNAME records to your domain’s DNS host (like GoDaddy, Namecheap, Cloudflare, etc.).

selector1._domainkey.yourdomain.com → selector1-yourdomain-com._domainkey..onmicrosoft.com
selector2._domainkey.yourdomain.com → selector2-yourdomain-com._domainkey..onmicrosoft.com

• Replace yourdomain.com with your actual domain.
• Replace <initial-domain> with your Microsoft 365 tenant domain (e.g., contoso.onmicrosoft.com).

📌 Microsoft will show you the exact values needed for your domain.

After adding these, wait for DNS propagation (can take a few minutes to a few hours).

Step 5: Enable DKIM

Once your DNS records are live:

1. Return to the DKIM page.
2. Click “Enable” next to your domain.

Step 6: Confirm DKIM is Working

• You can send an email to an external address (like Gmail) and view the message headers.
• Look for a line like:

Authentication-Results: … dkim=pass …