Share via

Reporting on DKIM status across multiple tenants

David Dawson 100 86 Reputation points
2023-12-14T22:38:18.0766667+00:00

I work at an MSP and we'd like to find a way to stay on top of our client DKIM status. We can do this one-by-one by logging in and going to the Defender admin center, of course, but that's a manual process. Is there anyway to get reporting for this? We'd like to get: list of domains in a tenant, and what the DKIM status is.

We already have GDAP set up so I can see the clients in Lighthouse from my user work account and don't have to log in with their account to do basic management.

I've looked over the Lighthouse API documentation and found that it's really great but it doesn't have access to DKIM. We could look at MS Graph because I thought it might be slightly better than using a web browser to query info but it doesn't have access to Exchange Online settings. It looks like we won't have these as a route to get info across our clients.

Microsoft Exchange Online
Azure Lighthouse
Azure Lighthouse
An Azure service that provides secure managed services and access control for partners and customers.
79 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,291 questions
0 comments
Accepted answer
  1. Andy David - MVP 149.2K Reputation points MVP
    2023-12-15T03:15:10.8833333+00:00

    Why not just check using a 3rd party website (https://mxtoolbox.com/dkim.aspx) or looking up the DKIM record in DNS:

    For Office 365/Exchange Online tenants, they all use the same conventions.

    If you know the domains they send as, it will always be:

    selector1._domainkey.domain.com

    selector2._domainkey.domain.com

    That CNAME should resolve to the 365 DKIM record.

    User's image

    You can query those and of one of those resolves, then its setup and working

    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-dkim-configure?view=o365-worldwide

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.