Transcript of Setup DMARC SPF and DKIM for Microsoft Office 365 in Just 5 Minutes!

if you're using Microsoft Office 365 for your domain securing your email with Demar SPF and dkim is essential in today's video I'll guide you through the steps set up dmar for Office 365 and explain why it's so important dmar SPF and deim are email authentication protocols that prevent email spoofing and fishing by ensuring that only legitimate senders can use your domain this is equally crucial for businesses using Office 365 we're protecting both your internal Communications and customer trust is a priority so let's get started on your Office 365 email authentication setup for this setup you would need access to the Microsoft Defender portal and also access to the DNS so on the Microsoft documentation you'll be able to see the different scenarios that are covered by SPF so for example you can have it be your only sending Source where you would simply have to include this SPF uh include scrolling down you'll see the second scenario where you would have a an existing Source or IP address and you want to add in the SPF include statement so in this case this is similar to the case that we have here so I'll go ahead and copy the full include statement for the SPF for Microsoft and then paste that into my DNS taking the include statement from the Microsoft documentation I have went ahead and copied it into my txc value for my SPF record once I check the syntax is correct I can go ahead and Save save this record so that way I will have enabled SPF signing for all my emails so go ahead and do that now and once this record is saved your emails will now become Demar compatible as they will be hopefully passing SPF to publish Microsoft deim if you head over to the Microsoft Fender portal you'll be able to generate your DM records which are two cname selectors in this case and publish them on the DNS to get to the correct page under the homepage you should go to the left side panel go to email and collaboration and click policies and rules from here you would have to go to the threat policies page and then head over to find the correct page for deim so once this page loads you'd have to go to the email authentication settings where you can see the deim key up here so once selected it will show you all the domains registered under your account select the domain that you would like to configure the DM keys for once that's done if you have no existing records and this process has been done before you can create your deim keys so this will then tell Microsoft to generate the keys for you and once that's done you can go ahead and copy them into the DNS in the correct manner to configure DM successfully so there we go we can see that we need to publish two cname selectors with the this host name these and this value so once that's done we'll be able to then validate this publication by enabling this setup and that will show us that deim has been correctly enabled for added security you can also rotate the DM keys so that it rotates between selector 1 and selector 2 for Microsoft sending sources as an added layer of protection so let's head on over to the DNS and configure this DM key so on my DNS I would like to now publish the DM key so the name here will be the selector 1.or domain key and the value would be the value that was generated by the Microsoft Fender portal so I'll go ahead and copy those over now with both records now copied in I will save all the records to add them into my DNS and then giving it some time to propagate on the DNS I will then go back to the defender portal to validate the changes that I just made now that I've published both selectors for my Microsoft deim I can go ahead and enable the service so this will do it will authenticate that I have correctly published deim for my domain so now I can see that this is enabled and as an added layer of security I will also rotate the DM Keys what this does is that it will alternate between selector 1 and selector 2 for added security measures so once that's done loading we have successfully enable deim for my domain now that we have configured both SPF and deim we can go ahead and configure dmark you can use a dmark generator to generate the dmark record this way you'll be able to then publish a dmark record with the Rua and Ruf tags set to whatever you would like to receive the Aggregate and forensic reports so go ahead and publish one from Power DeMark and show you an example of what that would look like having pasted in the name and value from the dmark record generator I can go ahead and publish This Record to start enabling my dmark service starting off at the recommended value of P equals none once done with alignment I can then upgrade the policy to maximum enforcement to fully protect my domain against any potential spoofing attacks and that's it you've successfully set up the email authentication protocols for your Office 365 domain which means you've added a powerful layer of security to your email Communications with this setup you've made it much harder for cyber criminals to impersonate your domain protecting both your brand and your recipients from fishing attacks and fraud if you found this guide helpful make sure to hit the like button subscribe and turn on your notifications for more helpful content on email authentication and domain security thank you for watching and see you in the next video