Tag Archives: Portal

DKIM in Office 365

Microsoft has implemented DKIM, DMARC and SPF in Exchange Online, the only thing you have to do is enable it. The only thing for DKIM you have to do is create two CNAME records in DNS and enable DKIM in the Exchange Admin Center.

DKIM CNAME records

The CNAME records you have to create for DKIM look like this:


Selector1 and selector 2 are the 2 selector tags (in Office 365 these will always be selector1 and selector2), the _domainkey is a default tag that will be added. Of course you have to replace the contoso.com with your own domain.

The CNAME records have to point to the following locations:


Continue reading DKIM in Office 365

Upgrade to Azure Active Directory Premium

Recently I was working with a customer who wanted to move from Exchange 2010 on-premises to Exchange Online. This customer had a lot of Mac clients (both internally and externally). Since Mac clients are not a member of the Active Directory domain I asked how these users changed their Domain password. “Using OWA” was the answer, which makes sense.

This poses a problem in Office 365, since the change password feature is not available in Exchange Online (nor in Exchange 2013/2016 on premises BTW). I have to admit, you can change a password in the Microsoft Online Portal, but this only works when using Cloud Identities, and not when you’re synchronizing user account with their password from an on-premises Active Directory.

One nice feature in Office 365, or more specifically in Azure Active Directory is the option to implement Password writeback. This way users can change their password in Office 365, and the new password will be synchronized to your on-premises Active Directory. This is not only very interesting for customers using Mac clients, but also for customer that have (a lot of) users working remotely, without direct access to on-premises Active Directory.

Activating password writeback consists of two steps:

  • Implementing self-service password reset in Office 365.
  • Implementing password writeback.

To enable the self-service password reset functionality you need an Azure AD Basic or Azure AD Premium subscription. An overview of Azure AD options is available on the Azure Active Directory Pricing page. Continue reading Upgrade to Azure Active Directory Premium