---
title: "DMARC for Office 365: The Complete Guide to Microsoft 365 Email Authentication | DMARC Report"
description: "Complete guide to configuring DMARC, SPF, and DKIM for Microsoft 365 (Office 365). Covers Microsoft"
image: "https://dmarcreport.com/og/blog/dmarc-office-365-complete-guide.png"
canonical: "https://dmarcreport.com/blog/dmarc-office-365-complete-guide/"
---

Quick Answer

To set up DMARC for Microsoft 365 (Office 365), configure SPF with include:spf.protection.outlook.com, enable DKIM signing in the Microsoft 365 Defender admin center for your custom domain, and publish a DMARC TXT record at \_dmarc.yourdomain.com. Microsoft began enforcing DMARC for bulk senders in May 2025\. DKIM must be explicitly enabled because it is not on by default for custom domains in Exchange Online.

Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fdmarc-office-365-complete-guide%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=DMARC%20for%20Office%20365%3A%20The%20Complete%20Guide%20to%20Microsoft%20365%20Email%20Authentication&url=undefined%2Fblog%2Fdmarc-office-365-complete-guide%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fdmarc-office-365-complete-guide%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fdmarc-office-365-complete-guide%2F&title=DMARC%20for%20Office%20365%3A%20The%20Complete%20Guide%20to%20Microsoft%20365%20Email%20Authentication "Share on Reddit") [ ](mailto:?subject=DMARC%20for%20Office%20365%3A%20The%20Complete%20Guide%20to%20Microsoft%20365%20Email%20Authentication&body=Check out this article: undefined%2Fblog%2Fdmarc-office-365-complete-guide%2F "Share via Email") 

![DMARC for Office 365: The Complete Guide to Microsoft 365 Email Authentication](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-report-4236.jpg) 

## Try Our Free DMARC Checker

Validate your DMARC policy, check alignment settings, and verify reporting configuration.

[ Check DMARC Record → ](/tools/dmarc-checker/) 

**To set up DMARC for Microsoft 365 (Office 365), you need three DNS records: an SPF record with `include:spf.protection.outlook.com`, DKIM signing enabled via the Microsoft 365 Defender admin center, and a DMARC TXT record at `_dmarc.yourdomain.com`.** Microsoft began enforcing DMARC for bulk senders in May 2025, following Google and Yahoo’s February 2024 mandate. If you run Exchange Online with a custom domain, proper email authentication is no longer optional.

This hub guide brings together everything you need to configure, troubleshoot, and maintain DMARC for Microsoft 365\. Whether you are an Exchange administrator deploying DMARC for the first time, an MSP managing client tenants, or an IT professional investigating delivery failures, this is your starting point.

> Compliance is driving a lot of the DMARC adoption we see, says Vasile Diaconu, Operations Lead at DuoCircle. PCI DSS v4.0, Google’s sender requirements, Microsoft’s May 2025 enforcement — our support team fields questions about these mandates daily. The organizations that moved early are already at p=reject. The rest are scrambling.

## Microsoft’s DMARC Enforcement Timeline

Microsoft announced DMARC enforcement for Outlook.com, Hotmail.com, and Live.com in May 2025\. The key requirements:

- All high-volume senders must authenticate with SPF, DKIM, and DMARC
- Non-compliant messages face rejection or junk folder placement
- The `From` header must align with the authenticated domain
- Microsoft’s inbound DMARC handling rejects or quarantines failing mail based on the sender’s published DMARC policy

For a complete breakdown of Microsoft’s requirements, see our guide on [Microsoft Outlook DMARC requirements for May 2025](/blog/microsoft-outlook-dmarc-requirements-may-2025/) and our coverage of [Microsoft Outlook’s new email security policies](/blog/microsoft-outlook-steps-up-email-security-with-new-policies/).

Microsoft also announced [new DMARC policy handling defaults](/blog/microsoft-announces-new-dmarc-policy-handling-defaults-for-enhanced-email-security/) that affect how Exchange Online processes incoming mail with DMARC failures.

## Step 1: Configure SPF for Microsoft 365

Your SPF record must include Microsoft’s sending infrastructure:

```
yourdomain.com. IN TXT "v=spf1 include:spf.protection.outlook.com -all"
```

If you send through additional services alongside Exchange Online, chain the includes:

```
yourdomain.com. IN TXT "v=spf1 include:spf.protection.outlook.com include:sendgrid.net -all"
```

**Key considerations:**

- Microsoft’s `include:spf.protection.outlook.com` uses 2 of your 10 allowed DNS lookups.
- Only one SPF record per domain. Multiple records cause both to fail.
- Use `-all` (hard fail) rather than `~all` (soft fail) for better protection.
- If you use Exchange on-premises hybrid alongside Exchange Online, you may need additional includes.

Validate your record with our [SPF checker tool](/tools/spf-checker/). For detailed instructions, see our guides on [configuring Microsoft 365 SPF records](/blog/how-to-configure-microsoft-365-spf-records-for-secure-email/) and [understanding SPF record configuration in Office 365](/blog/how-to-configure-microsoft-365-spf-records-for-secure-email/). For domains that also need Outlook-specific SPF configuration, see [adding SPF records to your domain for Outlook email authentication](/blog/adding-spf-records-to-your-domain-for-outlook-email-authentication/).

Our guide on [external DNS records required for SPF in Microsoft 365](/blog/how-to-configure-microsoft-365-spf-records-for-secure-email/) covers the complete set of DNS entries needed for a properly configured Microsoft 365 tenant.

## Step 2: Enable DKIM for Microsoft 365

DKIM is not enabled by default for custom domains in Exchange Online. Microsoft signs outgoing mail with its own `onmicrosoft.com` domain by default, but this signature will not align with your custom domain for DMARC purposes.

### Enable DKIM in the Admin Center

1. Sign in to the [Microsoft 365 Defender portal](https://security.microsoft.com)
2. Navigate to **Email & collaboration > Policies & rules > Threat policies > Email authentication settings**
3. Select the **DKIM** tab
4. Select your custom domain
5. Toggle **Sign messages for this domain with DKIM signatures** to enabled
6. If prompted, publish the two CNAME records in your DNS

### Publish the DKIM CNAME Records

Microsoft requires two CNAME records for DKIM:

```
selector1._domainkey.yourdomain.com CNAME selector1-yourdomain-com._domainkey.yourtenant.onmicrosoft.com
selector2._domainkey.yourdomain.com CNAME selector2-yourdomain-com._domainkey.yourtenant.onmicrosoft.com
```

Replace `yourdomain.com` and `yourtenant` with your actual domain and tenant name. After publishing these records, return to the admin center and enable signing.

For the complete walkthrough, see our guide on [setting up DKIM for Microsoft 365 domains](/blog/setting-dkim-for-microsoft-365-domain/). Validate your DKIM configuration with our [DKIM lookup tool](/tools/dkim-lookup/).

## Step 3: Publish Your DMARC Record

With SPF and DKIM configured, publish your DMARC record:

```
_dmarc.yourdomain.com. IN TXT "v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com"
```

**Always start with `p=none`.** This enables monitoring without affecting delivery. You will move to enforcement after analyzing reports for at least 90 days.

For Microsoft 365-specific DMARC setup, see our dedicated [DMARC for Office 365: Complete Setup Guide](/blog/dmarc-office-365-complete-setup-guide-2026/). For guidance on the recommended record syntax specifically for Office 365 environments, see [recommended DMARC DNS record syntax for Office 365](/blog/dmarc-office-365-complete-setup-guide-2026/).

Validate your record with our [DMARC checker tool](/tools/dmarc-checker/).

## Step 4: Configure Transport Rules for Inbound DMARC Handling

Microsoft 365 allows you to create mail flow rules (transport rules) that take action on inbound messages based on their DMARC results. This is useful for organizations that want to enforce DMARC on incoming mail before Microsoft’s default handling takes effect.

Our guide on [creating Microsoft 365 transport rules to quarantine unauthorized inbound emails](/blog/creating-microsoft-365-transport-rule-to-quarantine-unauthorized-inbound-emails/) covers how to configure these rules in the Exchange admin center.

For broader context on how Microsoft handles DMARC on inbound mail, see [configuring DMARC for validating the From address domain in Microsoft 365](/blog/dmarc-office-365-complete-setup-guide-2026/).

## Step 5: Monitor Aggregate Reports

Within 24-48 hours of publishing your DMARC record, aggregate reports (RUA) will begin arriving. These XML files contain data about every message claiming to be from your domain, including authentication results.

DMARC Report parses these automatically and presents the data in a visual dashboard. For Microsoft 365 domains, pay special attention to:

- **Messages sent through Exchange Online** — these should consistently pass SPF and DKIM if properly configured
- **Messages from third-party services** — marketing platforms, CRM systems, and other tools that send email on your behalf
- **Messages from legacy on-premises servers** — hybrid Exchange environments often have authentication gaps

For general report reading guidance, see our [complete guide to DMARC aggregate reports](/blog/dmarc-aggregate-reports-complete-guide/).

## Step 6: Progress Through Policy Enforcement

The typical enforcement timeline for Microsoft 365 domains:

### Phase 1: p=none (Minimum 90 Days)

Monitor only. Identify all legitimate senders. Fix authentication failures for third-party services. Use the DMARC Report dashboard to track progress.

### Phase 2: p=quarantine (Minimum 90 Days)

Start with `pct=25` to apply the policy to 25% of failing mail. Gradually increase to 100%. Messages that fail DMARC are routed to the recipient’s junk folder.

### Phase 3: p=reject

Full enforcement. Messages that fail DMARC are rejected at the SMTP level. The sending server receives a bounce notification.

For the complete enforcement journey, see our [DMARC policy guide: from none to reject](/blog/dmarc-policy-none-quarantine-reject-guide/) and our [enforcement timeline roadmap](/blog/dmarc-enforcement-timeline-none-to-reject-roadmap/).

## Troubleshooting Office 365 DMARC Issues

### Email Delivery Failures After DMARC Implementation

The most common post-implementation issue is legitimate email being blocked or quarantined. This happens when third-party services are not authenticated before moving to enforcement. Our guide on [troubleshooting email delivery failures after implementing DMARC in Office 365](/blog/dmarc-office-365-complete-setup-guide-2026/) walks through the diagnostic process.

### DMARC Impact on Office 365 Deliverability

DMARC affects both inbound and outbound email in Microsoft 365\. Outbound messages from your domain need to pass DMARC for delivery to receivers that enforce it. Inbound messages to your tenant are evaluated against the sender’s DMARC policy. Our guide on [the impact of DMARC on email deliverability for Office 365 users](/blog/dmarc-office-365-complete-setup-guide-2026/) covers both directions.

### Protecting Your Office 365 Infrastructure

Beyond DMARC for outbound authentication, you should also protect your Exchange Online environment from incoming spoofed mail. Our guide on [protecting your email infrastructure with DMARC for Office 365](/blog/dmarc-office-365-complete-setup-guide-2026/) covers the defensive configuration.

### SPF Authentication for Outlook

If you use Outlook.com accounts (consumer or business) alongside Microsoft 365, SPF configuration has specific requirements. See our guide on [enhancing email authentication using SPF for Outlook](/blog/enhance-email-authentication-using-spf-outlook-for-safer-professional-communication/).

## Common Office 365 DMARC Mistakes

**DKIM not enabled for custom domains.** This is the single most common mistake. Microsoft signs mail with its `onmicrosoft.com` domain by default. Unless you enable DKIM for your custom domain, DKIM alignment fails. Messages may still deliver because SPF passes, but you lose the DKIM safety net for forwarded mail.

**Missing the second DKIM CNAME record.** Microsoft requires two CNAME records (selector1 and selector2) for key rotation. Publishing only one causes intermittent DKIM failures during key rotation.

**SPF record not including Microsoft’s servers.** If `include:spf.protection.outlook.com` is missing, every message sent through Exchange Online fails SPF.

**Hybrid Exchange misconfigurations.** Organizations with on-premises Exchange servers connected to Exchange Online often have authentication gaps. The on-premises server sends mail with the correct From domain but from an IP not covered by the cloud SPF record.

**Forgetting to authenticate third-party senders.** Marketing platforms, CRM tools, ticketing systems, and other services that send email using your domain need to be added to your SPF record and/or configured with DKIM signing.

## Third-Party Sender Authentication in Office 365

Most organizations use third-party services alongside Exchange Online. Each service needs proper authentication:

### Marketing and Transactional Email

- Add the service’s SPF include to your record (e.g., `include:sendgrid.net`, `include:servers.mcsv.net`)
- Configure DKIM signing with your domain through the service’s admin panel
- Verify alignment by checking DMARC reports after deployment

### HubSpot Integration

For HubSpot users, see our guide on [how to add HubSpot SPF, DMARC, and DKIM for email authentication](/blog/how-to-add-hubspot-spf-dmarc-dkim-for-email-authentication/).

### Multiple Domains and Subdomains

Organizations with complex domain structures should review our guide on [how to implement DMARC for multiple domains and subdomains](/blog/how-can-i-implement-dmarc-for-multiple-domains-and-subdomains/). The `sp` tag in your DMARC record controls subdomain policy. See [the DMARC subdomain policy tag explained](/blog/dmarc-subdomain-policy-tag-explained-how-it-works/) for details.

## Secure Email Practices in Microsoft 365

DMARC is one component of a broader email security strategy in Microsoft 365\. Related topics include:

- [Sending secure encrypted emails in Outlook](/blog/sending-secure-encrypted-emails-outlook-what-it-takes/) covers encryption alongside authentication
- [How to recall an email in Outlook](/blog/how-to-recall-email-in-outlook-tips-and-instructions-for-success/) addresses message management in Exchange

For organizations dealing with broader Microsoft 365 threats, our coverage of [Microsoft 365 security developments](/blog/trump-fires-investigators-microsoft-365-threats-us-cybersecurity-insufficient/) provides context on the evolving threat landscape.

## Office 365 and Multi-Provider Environments

Many organizations use Microsoft 365 for core email but other providers for specific functions. Common combinations include:

- **Microsoft 365 + SendGrid** for transactional email
- **Microsoft 365 + Mailchimp** for marketing email
- **Microsoft 365 + Salesforce** for CRM-generated email
- **Microsoft 365 + Zendesk** for support tickets

Each additional sender must be included in your SPF record and ideally configured with DKIM. Monitor your 10-lookup SPF limit carefully when chaining multiple includes. Our [SPF checker tool](/tools/spf-checker/) shows your current lookup count.

For guidance on managing high-volume email authentication with complex sending infrastructure, see [best practices for generating DMARC records for high-volume mailers](/blog/best-practices-for-generating-dmarc-records-for-high-volume-mailers/).

## DMARC Record Generator for Office 365

If you want a tool-assisted approach to creating your DMARC record, our [DMARC record generator for Gmail and Office 365](/tools/dmarc-record-generator/) walks through the process with pre-configured settings for Microsoft environments.

## Why Microsoft’s Enforcement Matters

Microsoft’s May 2025 enforcement represents a significant shift. Before this date, Outlook.com would honor the sender’s DMARC policy but was relatively lenient about edge cases. The new defaults mean:

- **p=reject is enforced strictly.** Messages failing DMARC from domains with p=reject are rejected, not just marked as spam.
- **Spoofed mail lands in junk.** Even with p=none, Microsoft now provides safety tips in the message header when DMARC fails.
- **Aggregate reporting is more consistent.** Microsoft’s reporting infrastructure has improved, delivering more reliable RUA data.

This enforcement, combined with Google’s and Yahoo’s earlier mandates, means the three largest consumer email providers now enforce DMARC. Domains without DMARC authentication face delivery problems across the board. For the broader context of multi-provider enforcement, see [why Google, Yahoo, Microsoft, and iCloud enforce stricter email authentication standards](/blog/why-google-yahoo-microsoft-icloud-enforce-stricter-email-authentication-standards/).

## Next Steps

Once your Microsoft 365 DMARC setup is complete and enforced at p=reject:

1. **Enable ongoing monitoring** with DMARC Report to catch authentication regressions when third-party vendors change their infrastructure.
2. **Review subdomain policies** using the `sp` tag or individual subdomain DMARC records.
3. **Consider BIMI** to display your brand logo in supporting email clients.
4. **Train your team** so new services are authenticated before they start sending.

For the complete DMARC setup process across all platforms, see our [DMARC setup complete guide](/blog/dmarc-setup-complete-guide/).

## Topics

[ DMARC ](/tags/dmarc/)[ dmarc record ](/tags/dmarc-record/)[ email security ](/tags/email-security/)[ SPF ](/tags/spf/)[ dkim ](/tags/dkim/)[ office 365 ](/tags/office-365/)[ microsoft 365 ](/tags/microsoft-365/)[ email authentication ](/tags/email-authentication/) 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Take control of your DMARC reports

Turn raw XML into actionable dashboards. Start free - no credit card required.

[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/) 

## Related Articles

[  Foundational 15m  DMARC for Gmail and Google Workspace: The Complete Guide  Apr 23, 2026 ](/blog/dmarc-gmail-google-workspace-complete-guide/)[  Foundational 16m  DMARC Policy Guide: The Complete Journey from None to Quarantine to Reject  Apr 23, 2026 ](/blog/dmarc-policy-none-quarantine-reject-guide/)[  Foundational 14m  DMARC Setup Complete Guide: From Zero to Full Protection  Apr 23, 2026 ](/blog/dmarc-setup-complete-guide/)[  Foundational 7m  4 sectors that need email authentication the most and why  Oct 15, 2024 ](/blog/4-sectors-that-need-email-authentication-the-most-and-why/)

```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"DMARC for Office 365: The Complete Guide to Microsoft 365 Email Authentication","description":"Complete guide to configuring DMARC, SPF, and DKIM for Microsoft 365 (Office 365). Covers Microsoft's enforcement rules, Exchange Online setup, troubleshooting, and ongoing monitoring.","url":"https://dmarcreport.com/blog/dmarc-office-365-complete-guide/","datePublished":"2026-04-23T00:00:00.000Z","dateModified":"2026-04-23T00:00:00.000Z","dateCreated":"2026-04-23T00:00:00.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://dmarcreport.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/dmarc-office-365-complete-guide/"},"articleSection":"foundational","keywords":"DMARC, dmarc record, email security, SPF, dkim, office 365, microsoft 365, email authentication","wordCount":3100,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-report-4236.jpg","caption":"DMARC for Office 365: The Complete Guide to Microsoft 365 Email Authentication","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"DMARC for Office 365: The Complete Guide to Microsoft 365 Email Authentication","item":"https://dmarcreport.com/blog/dmarc-office-365-complete-guide/"}]}
```