Synopsis:
While using Proofpoint Essentials (PPE) you can decide to either use DKIM signing using office365 or Proofpoint Essentials or both at the same time.
In this case KB we will focus on creating DKIM on office365 so we can make sure outbound message(s) is DKIM signed from office365 to make sure it is not altered on its way out to the recipient(s)
To see how to create DKIM on Proofpoint click <here>
Solution:
In the Exchange Admin Center:
1. click the “Classic Exchange Admin Center”
2. Click on “Protection” then “DKIM” and on the main display of domain list, select the specific domain and notice on the right pane if the DKIM feature is enable or disable
If the DKIM is disabled and you want to Enable it, you will need extract from office365 your TWO CNAME records using the following :
a. connect to Office365 through PowerShell by clicking <here>
b. Run the following command:
Get-DkimSigningConfig -Identity virusuplabb.com | Format-List |
 |
Host name | Points to address or value |
selector1._domainkey
| Selector1-virusuplabb-com._domainkey.virusuplabb.onmicrosoft.com |
Selector2._domainkey
| selector2-virssuplabb-com._domainkey.virusuplabb.onmicrosoft.com |
3. Go to your DNS portal and add both CNAMES and wait few minutes (this will depend on the DNS provider you are using) for the new records to propagate
4. Once they get propagated in the DNS world, then you can activate DKIM from the “Classic Exchange Admin Center” and click on “Protection” then select "dkim"
If you prefer PowerShell command line to activate DKIM, you can run the command below:
| Set-DkimSigningConfig -Identity virusuplabb.com -Enable $true |
5- To verify is all is set correctly run the following PowerShell cmdlet
| Get-DkimSigningConfig -Identity virusuplabb.com | Format-List |
If you get results resembling to the below it mean that you are all set, if not then revise the Steps above.
