| Announcement ID | MC711018 | Published Date | 01-29-2024 | |
| Service | Exchange | Last Updated | 07-17-2024 | |
| Category | Stay informed | Expiration Date | 01-13-2025 | |
| Roadmap ID | 63213 | Action Required by Date | ||
| Tags | Admin impact, New feature, User impact | |||
| Summary |
|---|
| Microsoft Exchange Online is updating to support inbound SMTP DANE with DNSSEC. Public Preview begins in July 2024, with General Availability rolling out from early September to late October 2024. This feature will be off by default and can be enabled using Exchange PowerShell, with a new experience for enabling without PowerShell coming by the end of 2024. There are specific supported and unsupported domain configurations to consider. |
| More Information |
|---|
We are adding support for DNS-based Authentication of Named Entities (or DANE) for SMTP and Domain Name System Security Extensions (DNSSEC) for inbound mail to Exchange Online. DANE for SMTP is a security protocol that uses DNS to verify the authenticity of the certificates used for securing email communication with TLS and protecting against TLS downgrade attacks. DNSSEC is a set of extensions to DNS that provides cryptographic verification of DNS records, preventing DNS-spoofing and adversary-in-the-middle attacks to DNS. When this will happen:Public Preview: We will begin rolling out in July 2024. General Availability: We begin rolling out early September 2024 (previously late August) and expect to complete by late October 2024 (previously late September). How this will affect your organization:Inbound SMTP DANE with DNSSEC will be off by default. If you do not want to enable the feature, you do not need to do anything. What you need to do to prepare:Review your domain configuration internally to ensure you won't be impacted by any of the limitations below.
|