Upcoming sync change to the Customer Portal:
Any external "placeholder" user accounts created by Microsoft from your O365 tenant will no longer sync to the Zix/Appriver Customer Portal.
These are external "placeholder" user accounts listed with the following unique format – example user - msallmen_example.com#EXT#@jackyandpeaches.onmicrosoft.com
Q: What are these external user accounts for?
A: When an active O365 user shares data externally with an external user, for example a SharePoint site, once the external user accesses the shared data, Microsoft will automatically create an external "placeholder" account in the O365 tenant user list for that external user.
Once created, the account would sync over to the Zix/Appriver Customer Portal as unlicensed. If you selected the user from the Customer Portal, you would receive an error message. This is because these users do not have any options or settings available to manage from the Customer Portal.
If you need to view or manage external users, please log into the O365 admin center to access the account from the O365 tenant user list.
A new Microsoft Security Update is being rolled out to Hosted Exchange to secure a new zero-day vulnerability. Microsoft states the update could impact the following short term:
1. Search errors in Outlook Desktop: Microsoft has linked an article regarding this error and provided registry change fixes to resolve the issue - Search error in Outlook cached mode after installing March 2024 SU - Microsoft Support
2. Users may be unable to preview certain Office attachments via OWA – Microsoft is working on releasing a patch
3. Read vs Unread message indications may be inconsistent via Outlook Desktop – Microsoft is working on releasing a patch
*Please Note before proceeding* - If you are using Email Threat Protection Smarthosting for outbound service, DKIM/DMARC will need to be configured there instead of O365 – see the following link for ETP Smarthosting - Zix | AppRiver Status - DKIM signing for Email Threat Protection
Yahoo/Aol and a few other providers recently made some security updates and are beginning to require DKIM/DMARC in addition to SPF. These records would need to be configured with your DNS provider, in order to prevent the rejections, you have received.
Please ensure you have SPF (TXT) record configured first before proceeding with O365 DKIM/DMARC.
How to enable/add DKIM:
Generate DKIM keys within the M365 Admin Center -
1. Sign-in through the M365 admin center as a global administrator
2. In the left-hand menu, click on Security under Admin Centers. This will take you to the Microsoft Defender Portal.
3. From there, Under Email & Collaboration - click on Policies and Rules --> Threat policies --> Email Authentication Settings --> DKIM --> Select your Domain and Enable.
4. You can select Generate DKIM Key and it will populate the required CNAME record information
OR
It will show in the form of an error message when attempting to enable. This error message also contains the needed CNAME records.
***Once you have configured these two CNAME records on your DNS side, please go back to the same location mentioned above in the Microsoft Defender Portal.***
1. M365 admin center --> Security Admin Center (Microsoft Defender Portal) --> Policies and Rules --> Threat policies --> Email Authentication Settings --> DKIM --> Click on Domain and Enable DKIM.
***DKIM should now be successfully be enabled.***
How to add DMARC:
1. After DKIM is enabled and configured, please contact your DNS provider for assistance with creating a DMARC record.
There is also third-party tools and sites that can be used as a DMARC generator to generate a DMARC record for you. Then you can add the record through your DNS provider.
------------
For more information regarding both records, please see the articles below.
Set up DKIM to sign mail from your Microsoft 365 domain:
Set up DMARC to validate the From address domain for senders in Microsoft 365: