https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dkim-configure



First, set up CNAME records. The DOMAIN is the domain being protected with the dots replaces with dashes.


  • selector1._domainkey -> selector1-<DOMAIN>._domainkey.<MAIN MS ONMICROSOFT DOMAIN>
  • selector2._domainkey -> selector2-<DOMAIN>._domainkey.<MAIN MS ONMICROSOFT DOMAIN>


Then, follow the following steps

  1. Go to https://admin.microsoft.com/
  2. All Admin Centers -> Security to open Defender
  3. Email & Collaboration -> Policies & rules -> Email authentication settings
  4. Select the DKIM tab
  5. Enable keys for the domain.

If CNAME records aren't created before, it will complain.


I think CNAME records will be shown if opening the tab for the domain.