Add DKIM Domain in Sending Infrastructure for Tenant Allow Block Lists-Spoofing

For Microsoft Defender for Office 365 and Exchange Online Protection, we are adding support for providing “DKIM verified domain” as the “Sending Infrastructure” within Tenant allow-block lists-Spoofing, so that Security Administrators can better manage Anti-Spoofing activity and override it based on Spoof Intelligence. Currently, what is supported in this field is either the domain from DNS PTR record or /24 IP Subnet. Additionally, being able to specify a ‘DKIM verified domain’ will help serve scenarios where shared infrastructure provider services are used for sending emails. Since the DKIM domain is unique to each tenant and if it passes verification even when other authentication signals fail, if desired for legitimate business reasons, a spoofed message can still be allowed instead of being blocked.

This message is associated with Microsoft 365 Roadmap ID 93359


Microsoft Feed on the Outlook Mobile Search Page

Updated June 10, 2022: We have updated this post with additional details for clarity. Thank you for your patience.

The Search Page in Outlook Mobile is being enhanced with a new feed that aims to help users stay on top of things. The feed looks at what is happening in Microsoft 365 and surfaces updates and insights about colleagues, documents, and other artifacts in a vertical feed view, ranked personally for each user. 


Tenant Trusted ARC Sealers for Email Authentication

Authenticated Received Chain (ARC) is an email authentication mechanism that helps preserve authentication results across intermediaries. Email authentication mechanisms like SPF, DKIM, DMARC are used to verify the senders of emails for the safety of mail recipients, but some legitimate services may make changes to the email between the send and receipt. This intervention from legitimate services may accidentally cause the message to fail email authentication at subsequent hops. 

The ARC trusted sealers feature lets admins add trusted intermediaries in the Microsoft 365 Defender portal. This allows Microsoft to honor ARC signatures from your list of trusted intermediaries, to help authenticate the message.


Consistently block delegates or shared mailbox members from accessing protected messages in Outlook

Outlook will provide consistent access control on protected emails (Protected by MIP Sensitivity labels, or RMS protected emails) for Microsoft 365 delegates and shared mailbox members. For delegates or shared mailbox members, when they have full access of the owner’s mailbox but are not allowed to read encrypted email, Outlook will have a new cmdlet setting to block the owner’s protected email access which covers ad-hoc encrypted email as well as email with protected MIP sensitivity labels.

This message is associated with Microsoft 365 Roadmap ID: 88888


Microsoft Defender for Office 365 Preset Security Policies

We are making enhancements to Microsoft Defender for Office 365 preset security policies. It will provide a way to apply the policy to the entire organization and be able to optionally configure a list of custom users and custom domains to protect against impersonation attacks.

Impersonation protection applies to Microsoft Defender for Office 365 Plan 1 and Plan 2 & Microsoft 365 Defender


Microsoft Defender for Office 365: Update to Quarantine notification default subject and review button

We will be updating the default subject within the Quarantine notification email that is sent to users.

When this will happen:


Outlook – Additional RSVP Options

The additional options for more detailed RSVP responses will start to roll out across Outlook. With this feature, attendees can let the organizer and other attendees know how they plan to attend a meeting, whether in person or virtually. These responses can be seen by anyone in the meeting invite, inside and outside of their organization, with a commercial or education Microsoft 365 account using a supported client and can be changed at any point.

When this will happen:


Microsoft Defender for Office 365: Password protected download of quarantined messages

With this change we are giving the ability to password protects items they download from quarantine. We want users to be confident that the items they are downloading to their systems will not execute involuntarily without their consent, and this capability will allow them to safely transport the items to external analysis tools.

This message is associated with Microsoft 365 Roadmap ID 93305


Microsoft Defender for Office 365: Quarantine asynchronous update

Microsoft Defender for Office 365 is introducing a new way of interacting with quarantined messages through an asynchronous approach. Previously, quarantine operations were carried out in a synchronous model on the technical execution side.

Note: This change is a major step towards introducing partial string search functionality and 1,000 message bulk operation support in quarantine.


Microsoft Defender for Office 365: Quarantined message storage in hidden system folder on user mailbox

Microsoft Defender for Office 365 is making some changes to quarantine folder storage. The experience for users will remain the same and users can leverage the delete action to maintain the storage folder for their quarantined messages.

This message is associated with Microsoft 365 Roadmap ID 93302.


I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.