Details
If a domain is skipped during initial onboarding, Shield still onboards the users for the skipped domain, but it doesn't perform full filtering until you make the DNS and transport rule changes.
How to Add the Skipped Domain
The MX record should be checked and SPF/CNAME values should be updated manually for the skipped domain.
MX Record Check
Before proceeding, ensure the MX record is pointing to Microsoft. It must not be pointing to Cloudfilter.
SPF TXT Record
- v=spf1 include:spf.protection.outlook.com include:spf.shield.security -all
- Note that there may be other entries in the SPF record that should be preserved.
DKIM CNAME Records
- shield1._domainkey
- shield2._domainkey
Microsoft 365 Transport Rules
The Send to Frontline, Send to Junk, and Send to Outpost transport rules will have criteria that identify the specific domains you selected during onboarding, and the skipped domain should be manually added to these rules.
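The DNS steps above can be checked as a pre-flight on record values you have already looked up. This is an added example, not part of the original article or of Shield's own tooling; the Microsoft MX suffixes, the `example.com` domain, and every sample value are assumptions constructed for illustration.

```python
# Added example: pre-flight checks for a skipped domain. Works on record values
# already looked up (e.g. with dig or nslookup); it makes no network calls.
REQUIRED_INCLUDES = ["include:spf.protection.outlook.com", "include:spf.shield.security"]
DKIM_SELECTORS = ["shield1._domainkey", "shield2._domainkey"]
# Assumption: Microsoft 365 MX hosts end in one of these suffixes.
MICROSOFT_MX_SUFFIXES = (".mail.protection.outlook.com", ".mx.microsoft")


def mx_points_to_microsoft(mx_hosts):
    """True only if there is at least one MX host and all of them are Microsoft's."""
    hosts = [h.rstrip(".").lower() for h in mx_hosts]
    return bool(hosts) and all(h.endswith(MICROSOFT_MX_SUFFIXES) for h in hosts)


def merge_spf(existing):
    """Add the required includes, keep every other entry, and end the record in -all."""
    terms = (existing or "").split() or ["v=spf1"]
    if terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % existing)
    if any(t.lower().startswith("redirect=") for t in terms):
        raise ValueError("record uses redirect=; review it by hand")
    # Drop the current 'all' term (any qualifier); -all is re-added last.
    kept = [t for t in terms[1:] if t.lower().lstrip("+-~?") != "all"]
    present = {t.lower().lstrip("+") for t in kept}
    added = [inc for inc in REQUIRED_INCLUDES if inc not in present]
    return " ".join(["v=spf1"] + kept + added + ["-all"])


def missing_dkim(cnames, domain):
    """Return the Shield DKIM selectors that have no CNAME under the domain."""
    have = {name.rstrip(".").lower() for name, target in cnames.items() if target}
    return [s for s in DKIM_SELECTORS if "%s.%s" % (s, domain.lower()) not in have]


if __name__ == "__main__":
    # Constructed sample values; the CNAME target is a placeholder, not a real one.
    domain = "example.com"
    print("MX ok:       ", mx_points_to_microsoft(["example-com.mail.protection.outlook.com."]))
    print("SPF to set:  ", merge_spf("v=spf1 include:spf.protection.outlook.com ip4:203.0.113.10 ~all"))
    print("DKIM missing:", missing_dkim({"shield1._domainkey.example.com.": "PLACEHOLDER-TARGET"}, domain))
```

The merged record still counts against SPF's limit of 10 DNS-querying terms, so review the total after adding the Shield include.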