DKIM and DMARC are used to prevent spammers from spoofing your domain name. Configuring them in Office 365 is quite easy, but must be done manually if you use a custom domain (so not the standard .onmicrosoft.com). I assume that the standard DNS configuration, including the SPF record, is already done, as these records are set automatically or at least validated during the setup of a new domain.
To configure the DKIM and DMARC records, you just need to add a few DNS records and enable DKIM in Exchange Online:
Step 1: Enable DKIM
Go to Exchange Admin Center and open dkim which you can find under protection. Select your domain and press “enable”:
It is important, also for regulatory reasons, to know which data is stored and what kind of data it is. It can be financial data, personal data or any other type. For GDPR reasons, it’s especially important to mark personal data and to have documentation ready that states which data is stored and why.
This can be a challenging and annoying task if you have to do this for an existing database with a few hundred tables. Fortunately, there are ways to make life easier.
Built-in Data Discovery and Classification
The easiest way is to use the built-in data discovery and classification feature that comes with Azure SQL Databases. Just go to the ‘Advanced data security’ tab and enable the feature:
If you use Azure SQL Server and you care about security, then it definitely makes sense to give users access via their Azure Active Directory account. Azure AD supports multi-factor authentication, identity protection and a lot of other security features, which make it much more secure than using a connection string.
The first thing to configure is the Admin access via Azure AD. That’s easily doable via the Azure Portal:
- Navigate to your Azure SQL Server (not the Database!)
- Open the Active Directory Admin settings:
- Go to Set Admin and configure your user. I suggest configuring a group, as it gives you more flexibility
If you join devices to Azure AD, you can see that each device has an owner. The owner is the user who joined the device to Azure AD, which is sometimes the administrator’s account. That’s why one probably wants to change the owner, which is unfortunately not possible via the Azure portal. But, as usual, you can easily do it via PowerShell.
The main commands you need are:
Get-AzureADDevice # returns all devices
Get-AzureADUser # returns all users
# add new device owner
Add-AzureADDeviceRegisteredOwner -ObjectId [DeviceObjectId] -RefObjectId [NewOwnerObjectId]
# remove previous device owner
Remove-AzureADDeviceRegisteredOwner -ObjectId [DeviceObjectId] -OwnerId [PreviousOwnerObjectId]
I created a simple script which has device name and new owner as input and simply does the job:
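The following is an added example, not the script from the original post: one way to combine the commands above so that an ambiguous device name is rejected and the new owner is added before the old one is removed. It assumes the AzureAD module is installed and `Connect-AzureAD` has already been run; the function name `Set-DeviceOwner`, its parameters and the sample values in the last line are chosen for this example.

```powershell
# Added example, not the original author's script.
# Assumes: AzureAD module installed, Connect-AzureAD already run.
# Set-DeviceOwner, -DeviceName and -NewOwnerUpn are names chosen for this example.
function Set-DeviceOwner {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$DeviceName,
        [Parameter(Mandatory)][string]$NewOwnerUpn
    )

    # -SearchString can return several devices, so require one exact name match.
    $devices = @(Get-AzureADDevice -SearchString $DeviceName |
        Where-Object { $_.DisplayName -eq $DeviceName })
    if ($devices.Count -ne 1) {
        throw "Expected exactly one device named '$DeviceName', found $($devices.Count)."
    }
    $device = $devices[0]

    # Get-AzureADUser accepts a UPN as -ObjectId; stop if the user does not exist.
    $newOwner = Get-AzureADUser -ObjectId $NewOwnerUpn -ErrorAction Stop

    $currentOwners = @(Get-AzureADDeviceRegisteredOwner -ObjectId $device.ObjectId)

    # Add the new owner first so the device is never left without an owner.
    if ($currentOwners.ObjectId -notcontains $newOwner.ObjectId) {
        if ($PSCmdlet.ShouldProcess($device.DisplayName, "Add owner $NewOwnerUpn")) {
            Add-AzureADDeviceRegisteredOwner -ObjectId $device.ObjectId -RefObjectId $newOwner.ObjectId
        }
    }

    # Remove every previous owner except the new one.
    foreach ($owner in $currentOwners) {
        if ($owner.ObjectId -eq $newOwner.ObjectId) { continue }
        if ($PSCmdlet.ShouldProcess($device.DisplayName, "Remove owner $($owner.UserPrincipalName)")) {
            Remove-AzureADDeviceRegisteredOwner -ObjectId $device.ObjectId -OwnerId $owner.ObjectId
        }
    }

    # Return the resulting owner list so the change can be verified and logged.
    Get-AzureADDeviceRegisteredOwner -ObjectId $device.ObjectId |
        Select-Object ObjectId, UserPrincipalName
}

# Constructed sample values; -WhatIf shows the planned changes without applying them.
Set-DeviceOwner -DeviceName 'LAPTOP-EXAMPLE' -NewOwnerUpn 'new.owner@example.com' -WhatIf
```

Run it with `-WhatIf` first and compare the listed owners with what you expect before running it without the switch.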
There are many reasons why someone wants to forward all incoming mails from a domain to a specific address. One use case is certainly testing. If you test an application, then you probably need a lot of mail addresses. To avoid creating all the mail addresses, you could use tools like postfix for it. But it also requires some setup and configuration.
I am an Office 365 user and I love it, and for sure I want to solve this issue with Office 365. I tried it and it took some time, but then I found the right setup.
So, what I want to achieve is simple:
All mails sent to @tst.axr.at should be forwarded to a shared mailbox, where all testers have access (or to a specific address).
Sounds simple and you can easily configure it in Office 365, but there are a few pitfalls, which is why I created this blog post. So let’s go through it step by step.