Microsoft Defender for Office 365: DMARC Handling

Microsoft has recently announced changes to how it handles DMARC p=reject and p=quarantine, in order to better protect its customers from domain spoofing attacks and improve email deliverability. For enterprise customers, updates to DMARC policy-based reject handling will be made, enabling security administrators to choose how DMARC policy-based reject and quarantine are applied within their organization. Meanwhile, for consumer services, any email that fails DMARC validation will be dropped and not delivered to the recipient's inbox, ensuring that only emails from verified senders are delivered. These changes will take effect from late April 2023, with rollout expected to be complete by mid-May 2023 for the standard service, and mid-June 2023 for Gov Cloud. Enterprise customers should note that the new setting to honor DMARC policy within the Anti-Phishing policy will be disabled by default, but can be tweaked to either "reject" or "junk" messages. Prior to enabling this setting, administrators may want to review spoof intelligence insights to identify legitimate senders who are sending DMARC reject or quarantine emails.

For those seeking to stay abreast of these and other developments within the Microsoft 365 ecosystem, M365 Admin is an excellent resource, providing a wealth of information on news and updates concerning Office 365, Teams, Exchange, SharePoint, and other essential enterprise applications.

The post Microsoft Defender for Office 365: DMARC Handling originally appeared on M365 Admin.