{"id":5160,"date":"2024-02-17T09:02:51","date_gmt":"2024-02-17T00:02:51","guid":{"rendered":"https:\/\/m365jp.net\/?p=5160"},"modified":"2024-02-17T09:08:48","modified_gmt":"2024-02-17T00:08:48","slug":"mc711018-updated-microsoft-exchange-online-support-for-inbound-smtp-dane-with-dnssec","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2024-02-17-mc711018-updated-microsoft-exchange-online-support-for-inbound-smtp-dane-with-dnssec","title":{"rendered":"MC711018 | (Updated) Microsoft Exchange Online: Support for inbound SMTP DANE with DNSSEC"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC711018 | (Updated) Microsoft Exchange Online: Support for inbound SMTP DANE with DNSSEC<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>stayInformed<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>02\/16\/2024 23:20:42<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>01\/29\/2024 23:51:50<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>09\/06\/2024 07:00:00<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<p style=\"\">Updated February 16, 2024: We have updated the content below for clarity Thank you for your patience.<\/p>\n<p style=\"\">We are adding support for DNS-based Authentication of Named Entities (or DANE) for SMTP and Domain Name System Security Extensions (DNSSEC) for inbound mail to Exchange Online. DANE for SMTP is a security protocol that uses DNS to verify the authenticity   of the certificates used for securing email communication with TLS and protecting against TLS downgrade attacks. DNSSEC is a set of extensions to DNS that provides cryptographic verification of DNS records, preventing DNS-spoofing and adversary-in-the-middle   attacks to DNS.<\/p>\n<p>This message is associated with Microsoft 365 Roadmap ID <a href=\"https:\/\/www.microsoft.com\/microsoft-365\/roadmap?filters=&amp;searchterms=63213\" target=\"_blank\" rel=\"noopener\">  63213<\/a>.<\/p>\n<p>  <\/p>\n<p>[When this will happen:]  <\/p>\n<p>Public Preview: We will begin rolling out late March 2024 and expect to complete by late April 2024.  <\/p>\n<p>Standard Release: We begin rolling out late June 2024 and expect to complete by late July 2024.<\/p>\n<p>[How this will affect your organization:]  <\/p>\n<p>Inbound SMTP DANE with DNSSEC will be off by default. If you do not want to enable the feature, you do not need to do anything.<\/p>\n<p>If you want to enable the feature, please follow the documentation using Exchange PowerShell. When the feature is released, the documentation will be in the  <i>How can Exchange Online customers use SMTP DANE inbound<\/i> section of <a href=\"https:\/\/learn.microsoft.com\/purview\/how-smtp-dane-works?view=o365-worldwide#how-can-exchange-online-customers-use-smtp-dane-inbound\" target=\"_blank\" rel=\"noopener\">  How SMTP DNS-based Authentication of Named Entities (DANE) secures email communications | Microsoft Learn<\/a>. By the end of 2024, we will release a new experience for enabling DNSSEC and SMTP DANE without using PowerShell.<\/p>\n<p>  <\/p>\n<p>[What you need to do to prepare:]<\/p>\n<p>  <\/p>\n<p>Review your domain configuration internally to ensure you won\u2019t be impacted by any of the limitations below, and visit  <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/implementing-inbound-smtp-dane-with-dnssec-for-exchange-online\/ba-p\/3939694\" target=\"_blank\" rel=\"noopener\">  Implementing Inbound SMTP DANE with DNSSEC for Exchange Online Mail Flow &#8211; Microsoft Community Hub<\/a>&nbsp;for more detailed information on limitations:<\/p>\n<ul>\n<li>Not supported: Fully delegated domain, onmicrosoft.com domains, and domains purchased from Microsoft known as \u201cviral\u201d or self-service sign-up domains  <\/li>\n<li>Supported with risk: 3rd-party gateways, connectors, and integration with hybrid mail flow (ex. if you are using a connector to smarthost to a domain that you want to enable with DNSSEC, you need to update the smarthost name for that connector [ex. contoso-com.mail.protection.outlook.com]   to match the new MX record that will be provided during DNSSEC enablement or, preferably, to match the tenant&#8217;s onmicrosoft.com domain [ex. tenant-name.onmicrosoft.com] before enabling the feature.)<\/li>\n<\/ul>\n<p>  <\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC711018 | (Updated) Microsoft Exchange Online: Support for inbound SMTP DANE with DNSSEC Classification stayI [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5160","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/5160","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=5160"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/5160\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=5160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=5160"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=5160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}