Description
Shield's automated deployment process makes several changes to the Shield organization's Microsoft tenant and DNS records. Below are the changes made.
Shield is not compatible with GoDaddy's Microsoft 365 (M365) offering. GoDaddy provides a restricted, locked-down M365 experience that limits full administrative access to the tenant. As such, we cannot support M365 on GoDaddy at this time. We recommend that partners assist their clients in defederating their domain from GoDaddy and implementing M365 directly or through a distributor such as PAX8 or Sherweb. If you're unfamiliar with the defederation process, we suggest contacting PAX8 or Sherweb for further guidance.
Starting the Shield setup will put high-level protections in place, but it won’t take action on emails that don’t contain High-Risk threats until you’ve completed the setup. If an email is held in Jail that is required before Shield is activated, you can release it utilizing Spotlight. Please open a ticket if you experience any other issues.
The items mentioned below should not be modified or removed without assistance from Support.
Deployment Step Changes
Step 1: Connect to Microsoft
The Shield Enterprise app is added to the Microsoft 365 tenant's apps dashboard.
Step 2: Set up Domains with Shield
MX records are not changed during Shield deployment. For concerns, please contact the Support team. Microsoft's MX record must be listed for the onboarding domain in order for this step to complete successfully. If a partner insists that they want our value, assist them with changing the MX record to domain-tld.in.shield.security
This step changes the Shield domain's SPF and DKIM records within the domain's DNS Host. For a list of DNS hosts that may be automatically updated, please visit Entri.
SPF:
-
v=spf1 include:spf.protection.outlook.com include:spf.shield.security -all
- Note that there may be other entries in the SPF record that should be preserved.
DKIM:
-
shield1._domainkey
- domain-tld.selector1._domainkey.shield.security
-
shield2._domainkey
- domain-tld.selector2._domainkey.shield.security
The value domain-tld is replaced with the domain you are adding to Shield, keeping the '-' in place.
Subdomain values for DKIM are in the format subdomain-domain-tld.
Example:
tech-codymulti-work.selector1._domainkey.shield.security
tech-codymulti-work.selector2._domainkey.shield.security
Step 3: Configure Mail Flow
Shield connectors, transport rules, and an ARC sealer are created in the Microsoft 365 tenant using permissions from Step 1. The names of these items are provided below:
-
Connectors:
-
Shield - Receive from Courier
-
Shield - Send to Outpost
-
Shield - Send to Frontline
-
Shield - Send to Bracket
-
-
Transport Rules:
-
Shield - Send to Frontline
-
Shield - Send to Bracket
-
Shield - Bypass Spam Filtering
-
Shield - Send to Outpost
-
Shield - Send to Junk
-
- ARC Sealer: shield.security
Related to
Updated