As of March 2023, Microsoft 365 has started sending aggregate DMARC reports from domains that use Microsoft-hosted MX records. This long-awaited release fixes a blindspot with inbound mail to an M365 tenant that existed; previously, where Microsoft didn’t report on DMARC results, you would miss crucial insight (and legitimate senders) that could then be blocked from sending emails once p=reject was enabled.

Now, with Microsoft’s aggregate reports, you gain visibility into:

  • Which emails sent from your domain to your M365 tenant are currently passing or failing DMARC
  • Who the senders and receivers of emails from your domain are
  • Where in the world emails are being sent from using your domain

With this insight, you gain a deeper understanding of your sending sources and their email configuration, enabling you to pinpoint and solve issues within your organization quickly before progressing to a policy of full DMARC enforcement (p=reject).

What new fields has Microsoft introduced in their reports?

Microsoft has added three new insights to the DMARC XML reports:

  • Envelope To - allowing you to track the receiving domain
  • Envelope From - allowing you to track sending domain used in the return-path
  • SPF scope - allowing you to determine if Microsoft based their SPF result on the MailFrom or the HELO command

These fields provide additional information about an organization’s email traffic so that they can better understand where shadow IT or email forwarding is occurring. This data was previously only available with OnDMARC’s unique enhanced forensic data feeds.

How is OnDMARC surfacing these new fields and why is it useful?

Thanks to quick work by our Engineering team, OnDMARC is one of the first DMARC vendors to have processed and surfaced Microsoft’s new fields in its dashboards, ensuring that our users have this new detailed data about their email domains at their fingertips. 

Domain owners need a solution like OnDMARC to process and analyze DMARC aggregate reports as Microsoft (and other reporting providers) only provide raw XMLs.

Extract of a raw XML DMARC file

OnDMARC ingests the raw XML reports and contextualizes the relevant and granular information about your sending sources in an intuitive dashboard. This visibility provides you with additional insights into your email setup so that you can make informed and more accurate configuration decisions in less time, thus decreasing the time needed to complete a DMARC implementation project.

New Microsoft DMARC fields surfaced in OnDMARC’s dashboards

How OnDMARC adds proactive defense to Microsoft 365

By using the OnDMARC platform, Microsoft 365 customers can enhance their email setup and protect against a wide range of outbound and inbound email-based threats. With our solution, customers have full visibility of their sending sources, both inbound and outbound, and can expect to reach DMARC enforcement and block malicious spoofing emails from getting to their employees, customers, and partners in as little as 4-8 weeks.

OnDMARC seamlessly plugs into the Microsoft environment and works in harmony with Microsoft Defender for Office 365 to provide a robust layered defense against advanced email threats. The Microsoft Intelligent Security Association (MISA) recognizes and lists OnDMARC as an approved integration and preferred solution in the Azure Marketplace, acknowledging it as fully complementary to Microsoft’s own email security solutions.

“At Microsoft, we look to build enduring, ongoing relationships with partners like Red Sift protecting e-mail and other hybrid work essentials. With increasingly sophisticated cyber criminals targeting email communications, the Red Sift platform helps Microsoft 365 customers to enhance the security of their systems.”

Parri Munsell, Senior Director, Microsoft Security Marketing

Ready to secure your organization’s email inboxes against phishing?