When you created your Microsoft 365 (O365) tenant, Microsoft reserved a domain for you, which you may well have forgotten about if it was a while ago:
- xxxx.onmicrosoft.com (the MOERA, Microsoft Online Email Routing Address, domain).
For instance, at Oppidum Security: oppidumsecurity.onmicrosoft.com
Your users can therefore receive e-mail at addresses of the form xx@oppidumsecurity.onmicrosoft.com.
You probably don't use this domain to send e-mail. Just like your defensive domains, though, you can still protect it with DMARC by publishing a DMARC record:
- Open the Microsoft 365 admin center at https://admin.microsoft.com.
- On the left-hand navigation, select Show All.
- Expand Settings and select Domains.
- Select your tenant domain (for example, contoso.onmicrosoft.com).
- On the page that loads, select DNS records.
- Select + Add record.
- A flyout will appear on the right. Ensure that the selected Type is TXT (Text).
- Enter _dmarc as the TXT name.
- Enter your DMARC record as the TXT value.
- Select Save.
For example, to monitor our domain oppidumsecurity.onmicrosoft.com and protect it against spoofing of its e-mail addresses, below is the DMARC record we configured:
Once the DMARC policy has been set to a restrictive mode (p=quarantine), an e-mail spoofing an xx@oppidumsecurity.onmicrosoft.com address is automatically delivered to our staff's spam folder; other actions are possible, such as rejecting the e-mail outright (p=reject).
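Before pasting a record into the admin center, it is worth checking that it is well-formed and that it actually enforces something. The script below is an added example and is not code or the record from the original post: it parses a DMARC TXT value, flags the usual mistakes (p=none left in place, pct sampling, no rua reporting address), and shows what a receiver does with a spoofed message under each policy. The domain oppidumsecurity.onmicrosoft.com comes from the post; the reporting mailbox and the exact sample records are assumptions.

```python
"""DMARC record check for a Microsoft 365 tenant (MOERA) domain.

Added example, not code from the original post. The records below are
constructed: the domain name comes from the post, the rua mailbox and the
policy values are assumptions.
"""

MOERA_DOMAIN = "oppidumsecurity.onmicrosoft.com"
VALID_POLICIES = {"none", "quarantine", "reject"}
VALID_ALIGNMENT = {"r", "s"}


def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=...; ...' into a {tag: value} dict (tag names lower-cased)."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    return tags


def validate_dmarc(record: str) -> list:
    """Return findings about the record; an empty list means it is well-formed
    and enforcing (p=quarantine or p=reject) with aggregate reporting set up."""
    findings = []
    tags = parse_dmarc(record)
    # RFC 7489 requires v=DMARC1 as the first tag and a p= tag.
    if record.split(";", 1)[0].strip().lower() != "v=dmarc1":
        findings.append("record must start with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        findings.append(f"missing or invalid p= tag: {policy!r}")
    elif policy == "none":
        findings.append("p=none only monitors: spoofed mail is still delivered")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or not 0 <= int(pct) <= 100:
        findings.append(f"pct= must be an integer 0-100, got {pct!r}")
    elif int(pct) < 100 and policy != "none":
        findings.append(f"pct={pct}: only that share of failing mail gets the policy")
    if "rua" not in tags:
        findings.append("no rua= address: you will receive no aggregate reports")
    for tag in ("rua", "ruf"):
        bad = [u.strip() for u in tags.get(tag, "").split(",")
               if u.strip() and not u.strip().lower().startswith("mailto:")]
        if bad:
            findings.append(f"{tag}= entries must be mailto: URIs: {bad}")
    for tag in ("adkim", "aspf"):
        if tag in tags and tags[tag].lower() not in VALID_ALIGNMENT:
            findings.append(f"{tag}= must be r or s, got {tags[tag]!r}")
    return findings


def disposition(record: str, spf_aligned_pass: bool, dkim_aligned_pass: bool) -> str:
    """What a receiver does with a message whose From: is under this domain.
    DMARC passes if either aligned SPF or aligned DKIM passes; otherwise the
    p= policy applies. pct= sampling is ignored here (treated as 100)."""
    if spf_aligned_pass or dkim_aligned_pass:
        return "deliver"
    policy = parse_dmarc(record).get("p", "none").lower()
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[policy]


# Constructed sample records for _dmarc.oppidumsecurity.onmicrosoft.com.
# The reporting mailbox is an assumption, not the post's own address.
MONITOR_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@oppidumsecurity.com"
ENFORCE_RECORD = "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@oppidumsecurity.com"


if __name__ == "__main__":
    for label, rec in (("monitor", MONITOR_RECORD), ("enforce", ENFORCE_RECORD)):
        print(f"{label}: _dmarc.{MOERA_DOMAIN} TXT {rec!r}")
        for finding in validate_dmarc(rec):
            print("  finding:", finding)
        # A spoofed message fails both aligned checks.
        print("  spoofed message ->", disposition(rec, False, False))
```

The "enforce" record maps to the behaviour described above (spoofed mail quarantined, i.e. sent to spam); switching it to p=reject makes receivers refuse the message instead. After saving the record in the admin center, confirm it is published with `nslookup -type=TXT _dmarc.oppidumsecurity.onmicrosoft.com` (or `Resolve-DnsName -Type TXT` in PowerShell) and run the value through the validator before considering the domain protected.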