| MC543870 | (Updated) Microsoft Defender for Office 365: DMARC Handling |
|---|---|
| Classification | stayInformed |
| Last Updated | 04/27/2023 21:09:34 |
| Start Time | 04/20/2023 00:01:43 |
| End Time | 05/04/2023 07:00:00 |

Message Content

Updated April 27, 2023: We are not proceeding with this rollout at this time and will communicate via Message center when we are ready to proceed. Thank you for your feedback.

In order to better protect our customers from exact domain spoofing attacks and improve deliverability of email, we are making changes to how we handle DMARC p=reject and p=quarantine.

For the enterprise customers, we are also making updates to how DMARC policy-based reject can be handled. This change will help Security Administrators be able to choose how DMARC policy-based reject and quarantine can be applied within their organization.

For the consumer service, this means that if an email fails DMARC validation, it will be dropped and will not be delivered to the recipient’s inbox. This change will help to ensure that only emails from verified senders are delivered to our customers’ inboxes.

This message is associated with Microsoft 365 Roadmap ID 117533

[When this will happen:]

We will communicate via Message center when we are ready to proceed.

[How this will affect your organization:]

For enterprise customers, within the actions section of the Anti-Phishing policy, the new setting to honor DMARC policy will be disabled by default. In this case, currently if DMARC p=reject, the action specified when spoof intelligence detects a message is applied. (Note: it is set to go to junk by default).

Moving forward, using the updated actions for spoof intelligence settings within the Anti-Phishing policy, the recipient tenant admin will be able to choose how they want to honor DMARC policy settings. If the tenant admin chooses to enable this new setting to honor DMARC policy, by default, the action applied will be “quarantine” in case of DMARC p=reject or p=quarantine. The tenant admin can change it as desired to either “reject” or “junk” the message instead (respectively).

[What you need to do to prepare:]

If you wish to honor DMARC, before turning on the feature, you may choose to review spoof intelligence insight to identify legitimate senders who are sending DMARC reject or quarantine emails. Based on your organization’s email sending business, you may override the sender domain pairs to the Tenant allow block lists – Spoofed Senders.

You may want to notify your users about this change and update your training and documentation as appropriate.
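
The review step described above, sketched as an added example (not Microsoft's code or tooling): it models the before and after actions from this notice and lists the sender domains whose DMARC-failing mail would be handled differently once the setting is enabled. The function names, domains and DMARC records are constructed; treating p=none like the current behaviour and assuming spoof intelligence flagged every failing message are assumptions.

```python
from collections import Counter

def parse_dmarc_record(txt):
    """Parse a DMARC TXT record (RFC 7489 tag=value list) into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def action_for_failure(policy, honor_dmarc, spoof_action="junk",
                       on_reject="quarantine", on_quarantine="quarantine"):
    """Action for a message that failed DMARC, as the notice describes it.

    Assumption: spoof intelligence also flagged the message, and p=none
    (not covered by the notice) keeps the spoof intelligence action.
    """
    allowed = {"reject": ("quarantine", "reject"),
               "quarantine": ("quarantine", "junk")}
    if not honor_dmarc or policy not in allowed:
        return spoof_action          # current behaviour: junk by default
    chosen = on_reject if policy == "reject" else on_quarantine
    if chosen not in allowed[policy]:
        raise ValueError(f"p={policy} can only map to {allowed[policy]}")
    return chosen

def senders_to_review(failures, records, on_reject="quarantine",
                      on_quarantine="quarantine"):
    """Count failing messages per From domain whose handling would change."""
    changed = Counter()
    for domain in failures:
        policy = parse_dmarc_record(records[domain]).get("p", "none").lower()
        before = action_for_failure(policy, honor_dmarc=False)
        after = action_for_failure(policy, True, on_reject=on_reject,
                                   on_quarantine=on_quarantine)
        if before != after:
            changed[(domain, policy, before, after)] += 1
    return changed

# Constructed sample data: published DMARC records and the From domains
# of messages that failed DMARC during the review window.
RECORDS = {"billing.example": "v=DMARC1; p=reject; rua=mailto:d@billing.example",
           "news.example": "v=DMARC1; p=quarantine; pct=100",
           "legacy.example": "v=DMARC1; p=none"}
FAILURES = ["billing.example", "news.example", "billing.example", "legacy.example"]

if __name__ == "__main__":
    for (dom, pol, old, new), n in senders_to_review(FAILURES, RECORDS).items():
        print(f"{dom}: p={pol}, {n} failing message(s), {old} -> {new}")
```

Domains that appear in the output and are known legitimate senders are the candidates for a Spoofed Senders entry in the Tenant allow block lists before the setting is turned on.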