While helping a customer setup their Microsoft Office 365 tenant this past week, we ran into an issue with enabling DKIM within Exchange Online.
Within the Exchange Admin Center (EAC), under protection > dkim, for each domain, the Enable option was completely missing.
It was a long shot, but I tried enabling it using PowerShell for Exchange Online with the New-DkimSigningConfig command for each domain as follows:
New-DkimSigningConfig -DomainName contoso.com -Enabled $true
ref: Microsoft Docs
Here is what the output looks like upon successfully calling New-DkimSigningConfig:
PS C:\Users\contosoadmin> New-DkimSigningConfig -DomainName mydomain.com -Enabled $true WARNING: The config was created but can't be enabled because the CNAME records aren't published. Publish the following two CNAME records, and then enable the config by using Set-DkimSigningConfig. selector1-mydomain-com._domainkey.myO365org.onmicrosoft.com selector2-mydomain-com._domainkey.myO365org.onmicrosoft.com Domain Enabled ------ ------- mydomain.com False
Then, back within the Exchange Admin Center (EAC), under protection > dkim, I can now select the domain I just created a new DKIM Signing Config for, and click to Enable it as seen in the following screen shot.
Before you can Enable it though, you have to add the expected CNAME records to DNS. I have a separate post covering the required DNS additions.
Thankfully, this worked, and now next to each domain within EAC, DKIM shows as enabled, and presents the expected options “Disable” and “Rotate” (to rotate the DKIM key):
If this post was helpful to you, please Tweet and share it with others.