Otherwise known as the benefits of DMARC in your environment
"If you use Microsoft 365 as your email solution, you don’t have to do anything to set up DMARC for incoming mail."
This isn't entirely true. Microsoft will not honor a DMARC reject policy for incoming mails. So malicious mails that fail DMARC might just end up in your inbox, junk or in quarantine. Also see https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-dmarc-configure?view=o365-worldwide#how-microsoft-365-handles-inbound-email-that-fails-dmarc
Improvements are on the way: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-policies-about?view=o365-worldwide#spoof-protection-and-sender-dmarc-policies
But didn't see it yet in my tenant. It's a good idea to reject mails failing DMARC coming from a domain with a reject policy - by using the option in preview, or by enabling a custom mail flow rule.
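An added example, not part of the comment above or of Microsoft's documentation: a Python check that finds delivered messages which failed DMARC from a domain publishing a reject policy. It assumes the `Authentication-Results` header that Microsoft 365 stamps on inbound mail, where `action=oreject` (or `o.reject`) marks an overridden reject; the sample headers and function names are constructed for illustration.

```python
import re

# Constructed sample Authentication-Results values (documentation domains/IPs).
SAMPLES = {
    "msg-1": "spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=example.com; "
             "dkim=pass (signature was verified) header.d=example.com; "
             "dmarc=pass action=none header.from=example.com; compauth=pass reason=100",
    "msg-2": "spf=fail (sender IP is 198.51.100.7) smtp.mailfrom=example.org; "
             "dkim=none (message not signed) header.d=none; "
             "dmarc=fail action=oreject header.from=example.org; compauth=fail reason=000",
    "msg-3": "spf=fail (sender IP is 203.0.113.5) smtp.mailfrom=example.net; "
             "dkim=none (message not signed) header.d=none; "
             "dmarc=fail action=quarantine header.from=example.net; compauth=fail reason=000",
}

# Assumption: these action values mean "sender policy was reject, but overridden".
OVERRIDDEN_REJECT = {"oreject", "o.reject"}

def parse_auth_results(value):
    """Return {method: {"result": ..., property: value, ...}} for one header value."""
    value = re.sub(r"\([^)]*\)", " ", value)  # drop parenthesised comments first
    parsed = {}
    for clause in value.split(";"):
        tokens = clause.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        parsed[method.lower()] = {"result": result.lower(), **props}
    return parsed

def overridden_reject_domain(value):
    """Return the From domain if DMARC failed and a reject policy was overridden."""
    dmarc = parse_auth_results(value).get("dmarc")
    if not dmarc or dmarc["result"] != "fail":
        return None
    if dmarc.get("action", "").lower() not in OVERRIDDEN_REJECT:
        return None
    return dmarc.get("header.from", "").lower() or None

def flag_overridden(headers_by_id):
    """Map message id -> spoofed From domain for every overridden reject."""
    hits = {}
    for msg_id, value in headers_by_id.items():
        domain = overridden_reject_domain(value)
        if domain:
            hits[msg_id] = domain
    return hits

if __name__ == "__main__":
    for msg_id, domain in flag_overridden(SAMPLES).items():
        print(f"{msg_id}: DMARC fail from p=reject domain {domain}, not rejected")
```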
Love the feedback, Tom. We have it documented here - https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-dmarc-configure?view=o365-worldwide#set-up-dmarc-for-inbound-mail. If you find that isn't true, let's comment on the docs and see if we can get some changes.
Need help setting up DMARC for your custom domain so you can utilize Microsoft 365's built-in DMARC protection? Visit the Microsoft Intelligent Security Association (MISA) catalog to view third-party vendors offering DMARC reporting for Microsoft 365: https://www.microsoft.com/misapartnercatalog?IntegratedProducts=DMARCReportingforOffice365