Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
onmicrosoft.com global rule
See original GitHub issueThat I know all mails from *@*.onmicrosoft.com are signed (but every subdomain have a different signer).
Since I got an unsigned mail that is phishing is it possible to specify that this domain must be globally signed without specify the signer domain?
Issue Analytics
- State:
- Created 4 years ago
- Comments:6 (4 by maintainers)
Top Results From Across the Web
About admin roles in the Microsoft 365 admin center
Global Admins have almost unlimited access to your organization's settings and most of its data. We recommend you limit the number of Global ......
Read more >Global Admin Accounts : r/Office365
I've been taught and have always created Global Admin accounts using the <domain>. onmicrosoft.com domain. Any reason why I should or shouldn't ...
Read more >Office 365 Global Admin Best Practices - Part One
Before we get started, there are some absolute ground rules you must stick to when managing Office 365 global admin accounts:.
Read more >A Breakdown of Microsoft 365 Admin Roles & ...
Global Admin, Assign the Global admin role to users who need global access to most management features and data across Microsoft online services ......
Read more >Where can I find my .onmicrosoft.com domain name?
Log on to the Microsoft 365 portal as a Global Administrator. · Open the admin center. · Under Settings, select Domains: · The...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Unfortunately the above rule interferes with the automatic adding of more precise rules for the
onmicrosoft.comdomain. Additionally in my opinion the usage of such domains unrelated to the one which should be responsible for the e-mail brings little value to the end user (onmicrosoft.combeing a little better than most, as it used subdomains for each customer).Given the reasons above, I currently don’t see myself adding such a rule to the defaults.
As a side note, in my opinion the e-mails should not be only signed by the
onmicrosoft.comdomain anyway. Any good service sending e-mails on behalf of third party’s should allow them to specify custom domains used for DKIM signing. And if I understand the documentation correctly, Microsoft does allow it: https://docs.microsoft.com/en-us/office365/SecurityCompliance/use-dkim-to-validate-outbound-emailIt should be possible by creating the following sign rule:
onmicrosoft.com*(i.e. matching all addresses)onmicrosoft.comdomain specifying a specify SDID (e.g.1000)