DKIM Signing for Default Domain

DKIM (DomainKeys Identified Mail) is an email authentication method that uses cryptographic signatures to verify that an email was sent from an authorized server and has not been altered in transit.

Failure to set up DKIM may result in emails being flagged as spam or rejected by recipient servers, as they lack verification of authenticity, and your domain becomes more vulnerable to spoofing and phishing attacks.

Setting up in M365

Setting up DKIM requires copying values from M365 into the domain's DNS settings, where you add a TXT record containing the public key used for verification, and configuring your email server or provider's settings, where the private key is used to sign outgoing emails.

This document outlines how to do this:

https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dkim-configure

DKIM Baseline

The DKIM Signing for Default Domain baseline can check whether DKIM keys have been set up on the Microsoft side for this domain. However, it cannot affect the domain's DNS settings, so that part must be done separately.

If DKIM is not set up in Microsoft correctly, then the baseline will report a deviation (see image).
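Because the baseline does not look at DNS, the published key record needs its own check. The following is an added example, not part of the baseline or of Microsoft's tooling: it validates the TXT strings of a DKIM key record against the RFC 6376 record syntax. The function name and the sample record are assumptions made for illustration, and the sample key is constructed placeholder data.

```python
import base64
import binascii

def check_dkim_txt(chunks):
    """Return findings for a DKIM key record given as its TXT character-strings."""
    findings = []
    # A single TXT string holds at most 255 bytes; longer keys must be split
    # into several strings, which verifiers join with no separator.
    if any(len(c) > 255 for c in chunks):
        findings.append("a TXT string exceeds 255 characters")
    tags, order = {}, []
    for part in "".join(chunks).split(";"):
        if not part.strip():
            continue
        name, sep, value = part.partition("=")
        name = name.strip()
        if not sep or name in tags:
            findings.append(f"malformed or duplicate tag: {name!r}")
            continue
        tags[name] = "".join(value.split())  # folding whitespace is ignored
        order.append(name)
    if "v" in tags and (tags["v"] != "DKIM1" or order[0] != "v"):
        findings.append("v= must be DKIM1 and must come first")
    if tags.get("k", "rsa") not in ("rsa", "ed25519"):
        findings.append(f"unknown key type k={tags['k']}")
    if "p" not in tags:
        findings.append("p= (public key) is missing")
    elif not tags["p"]:
        findings.append("p= is empty: key is revoked")
    else:
        try:
            base64.b64decode(tags["p"], validate=True)
        except binascii.Error:
            findings.append("p= is not valid base64 (truncated or corrupted)")
    if "y" in tags.get("t", "").split(":"):
        findings.append("t=y: record is in testing mode")
    return findings

# Constructed sample: 294 placeholder bytes (the size of a 2048-bit RSA key in
# DER form), not a real key. No DNS lookup is made.
SAMPLE_P = base64.b64encode(bytes(range(256)) + bytes(38)).decode()
RECORD = "v=DKIM1; k=rsa; p=" + SAMPLE_P
GOOD = [RECORD[:255], RECORD[255:]]

if __name__ == "__main__":
    for label, chunks in [("split correctly", GOOD), ("one long string", [RECORD]),
                          ("second string lost", GOOD[:1]), ("revoked", ["v=DKIM1; p="])]:
        print(f"{label}: {check_dkim_txt(chunks) or 'ok'}")
```

Feed it the strings returned by a TXT lookup of the selector's `_domainkey` name; an empty result means the record parses as a usable key record, not that the key matches the one M365 signs with.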