check before: 2024-02-13
Product:
Exchange, Power Automate
Platform:
Online, US Instances, World tenant
Status:
In development
Change type:
Admin impact, New feature, Updated message, User impact
Links:
Details:
Microsoft Exchange Online will support inbound SMTP DANE with DNSSEC starting from lMay 2024. Inbound SMTP DANE with DNSSEC will be off by default, and if you do not want to enable the feature, you do not need to do anything. If you want to enable the feature, follow the documentation using Exchange PowerShell. Review your domain configuration internally to ensure you won't be impacted by any of the limitations.
Updated April 15, 2024: We have updated the timing of the Preview below. Thank you for your patience.
We are adding support for DNS-based Authentication of Named Entities (or DANE) for SMTP and Domain Name System Security Extensions (DNSSEC) for inbound mail to Exchange Online. DANE for SMTP is a security protocol that uses DNS to verify the authenticity of the certificates used for securing email communication with TLS and protecting against TLS downgrade attacks. DNSSEC is a set of extensions to DNS that provides cryptographic verification of DNS records, preventing DNS-spoofing and adversary-in-the-middle attacks to DNS.
This message is associated with Microsoft 365 Roadmap ID 63213.
[When this will happen:]
Public Preview: We will begin rolling out in May 2024.
Standard Release: We begin rolling out late June 2024 and expect to complete by late July 2024.
Change Category:
XXXXXXX ...
Scope:
XXXXXXX ...
Release Phase:
General Availability, Preview
Created:
2024-01-30
updated:
2024-04-16
the free basic plan is required to see all details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
changes*
| Date | Property | old | new |
| 2024-04-16 | MC Messages | Updated February 16, 2024: We have updated the content below for clarity Thank you for your patience.
We are adding support for DNS-based Authentication of Named Entities (or DANE) for SMTP and Domain Name System Security Extensions (DNSSEC) for inbound mail to Exchange Online. DANE for SMTP is a security protocol that uses DNS to verify the authenticity of the certificates used for securing email communication with TLS and protecting against TLS downgrade attacks. DNSSEC is a set of extensions to DNS that provides cryptographic verification of DNS records, preventing DNS-spoofing and adversary-in-the-middle attacks to DNS. This message is associated with Microsoft 365 Roadmap ID 63213. [When this will happen:] Public Preview: We will begin rolling out late March 2024 and expect to complete by late April 2024. Standard Release: We begin rolling out late June 2024 and expect to complete by late July 2024. | Updated April 15, 2024: We have updated the timing of the Preview below. Thank you for your patience.
We are adding support for DNS-based Authentication of Named Entities (or DANE) for SMTP and Domain Name System Security Extensions (DNSSEC) for inbound mail to Exchange Online. DANE for SMTP is a security protocol that uses DNS to verify the authenticity of the certificates used for securing email communication with TLS and protecting against TLS downgrade attacks. DNSSEC is a set of extensions to DNS that provides cryptographic verification of DNS records, preventing DNS-spoofing and adversary-in-the-middle attacks to DNS. This message is associated with Microsoft 365 Roadmap ID 63213. [When this will happen:] Public Preview: We will begin rolling out in May 2024. Standard Release: We begin rolling out late June 2024 and expect to complete by late July 2024. |
| 2024-04-16 | MC Last Updated | 02/17/2024 00:20:42 | 2024-04-15T23:43:58Z |
| 2024-04-16 | MC Summary | Microsoft Exchange Online will support inbound SMTP DANE with DNSSEC starting from late March 2024. Inbound SMTP DANE with DNSSEC will be off by default, and if you do not want to enable the feature, you do not need to do anything. If you want to enable the feature, follow the documentation using Exchange PowerShell. Review your domain configuration internally to ensure you won't be impacted by any of the limitations. | Microsoft Exchange Online will support inbound SMTP DANE with DNSSEC starting from lMay 2024. Inbound SMTP DANE with DNSSEC will be off by default, and if you do not want to enable the feature, you do not need to do anything. If you want to enable the feature, follow the documentation using Exchange PowerShell. Review your domain configuration internally to ensure you won't be impacted by any of the limitations. |
| 2024-02-17 | MC prepare | Review your domain configuration internally to ensure you won’t be impacted by any of the limitations below, and visit Implementing Inbound SMTP DANE with DNSSEC for Exchange Online Mail Flow - Microsoft Community Hub for more detailed information on limitations:
Not supported: Fully delegated domain, onmicrosoft.com domains, and domains purchased from Microsoft known as “viral” or self-service sign-up domains Supported with risk: 3rd-party gateways and integration with mail flow https://learn.microsoft.com/purview/how-smtp-dane-works?view=o365-worldwide#how-can-exchange-online-customers-use-smtp-dane-inbound https://techcommunity.microsoft.com/t5/exchange-team-blog/implementing-inbound-smtp-dane-with-dnssec-for-exchange-online/ba-p/3939694 https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=63213 | Review your domain configuration internally to ensure you won’t be impacted by any of the limitations below, and visit Implementing Inbound SMTP DANE with DNSSEC for Exchange Online Mail Flow - Microsoft Community Hub for more detailed information on limitations:
Not supported: Fully delegated domain, onmicrosoft.com domains, and domains purchased from Microsoft known as “viral” or self-service sign-up domains Supported with risk: 3rd-party gateways, connectors, and integration with hybrid mail flow (ex. if you are using a connector to smarthost to a domain that you want to enable with DNSSEC, you need to update the smarthost name for that connector [ex. contoso-com.mail.protection.outlook.com] to match the new MX record that will be provided during DNSSEC enablement or, preferably, to match the tenant's onmicrosoft.com domain [ex. tenant-name.onmicrosoft.com] before enabling the feature.) https://learn.microsoft.com/purview/how-smtp-dane-works?view=o365-worldwide#how-can-exchange-online-customers-use-smtp-dane-inbound https://techcommunity.microsoft.com/t5/exchange-team-blog/implementing-inbound-smtp-dane-with-dnssec-for-exchange-online/ba-p/3939694 https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=63213 |
| 2024-02-17 | MC Summary | Microsoft Exchange Online will support inbound SMTP DANE with DNSSEC starting from late March 2024. Inbound SMTP DANE with DNSSEC will be off by default, and if you do not want to enable the feature, you do not need to do anything. If you want to enable the feature, follow the documentation using Exchange PowerShell. Review your domain configuration internally to ensure you won't be impacted by any of the limitations. | |
| 2024-02-17 | MC Last Updated | 01/30/2024 00:51:59 | 2024-02-17T00:20:42Z |
| 2024-02-17 | MC Messages | We are adding support for DNS-based Authentication of Named Entities (or DANE) for SMTP and Domain Name System Security Extensions (DNSSEC) for inbound mail to Exchange Online. DANE for SMTP is a security protocol that uses DNS to verify the authenticity of the certificates used for securing email communication with TLS and protecting against TLS downgrade attacks. DNSSEC is a set of extensions to DNS that provides cryptographic verification of DNS records, preventing DNS-spoofing and adversary-in-the-middle attacks to DNS.
This message is associated with Microsoft 365 Roadmap ID 63213. [When this will happen:] Public Preview: We will begin rolling out late March 2024 and expect to complete by late April 2024. Standard Release: We begin rolling out late June 2024 and expect to complete by late July 2024. | Updated February 16, 2024: We have updated the content below for clarity Thank you for your patience.
We are adding support for DNS-based Authentication of Named Entities (or DANE) for SMTP and Domain Name System Security Extensions (DNSSEC) for inbound mail to Exchange Online. DANE for SMTP is a security protocol that uses DNS to verify the authenticity of the certificates used for securing email communication with TLS and protecting against TLS downgrade attacks. DNSSEC is a set of extensions to DNS that provides cryptographic verification of DNS records, preventing DNS-spoofing and adversary-in-the-middle attacks to DNS. This message is associated with Microsoft 365 Roadmap ID 63213. [When this will happen:] Public Preview: We will begin rolling out late March 2024 and expect to complete by late April 2024. Standard Release: We begin rolling out late June 2024 and expect to complete by late July 2024. |
| 2024-02-17 | MC Title | Microsoft Exchange Online: Support for inbound SMTP DANE with DNSSEC | (Updated) Microsoft Exchange Online: Support for inbound SMTP DANE with DNSSEC |
| 2024-02-17 | MC MessageTagNames | New feature, User impact, Admin impact | Updated message, New feature, User impact, Admin impact |
*starting April 2022
Last updated 2 weeks ago
