This module will no longer be required as of March 2023 as Microsoft are rolling out DMARC aggregate reports for all Exchange Online Protection customers.
As Microsoft Office 365 will send DMARC reports, the module will be unnecessary. It previously covered a blind spot created by lack of reporting on Microsoft's part.
Microsoft's Office 365 Roadmap features the DMARC reporting here.
!!! Read above !!!
What was the problem?
Your information in OnDMARC is populated by DMARC reports.
DMARC reports are sent by email receiving servers on the basis of the “From:” address (The main email address that the end user is concerned with).
The receiving email server checks the DMARC record located at the domain found in the “From:” address and sends .xml format reports to the RUA and RUF addresses found within.
Some receiving servers do not send back the necessary reports, meaning the traffic, without other means, would go unaccounted for. For the most part, this is not of concern as the sample of data sent back by commonly reporting servers is plenty to configure your legitimate senders.
What is OnDMARC’s Office 365 Reporting Module?
OnDMARC’s Office365 Reporting Module is a Powershell script that runs on your Office365 environment, upon receiving an email with a relevant “From:” address it will generate a .csv file which is similar in format to a DMARC aggregate report. This report is sent to your OnDMARC reporting address and ingested by OnDMARC.
The information gathered from these reports is shown under Reports in a separate “Office 365” tab.
What are the benefits of implementing the O365 Reporting Module?
Seeing internal traffic on behalf of your domain can cover a number of blindspots created by lack of reporting from certain servers. If your inbound emails are not reported on, any sending services that send only internally such as payroll, HR or account systems will go unseen in the standard DMARC reports.
The OnDMARC Office 365 Reporting Module will ensure that you have aggregate information on these senders which will give you the valuable insight required to authenticate this traffic and maintain it’s deliverability during the process of getting your domain to p=reject.
You will also gain visibility on any spoofing attempts sent into your environment, without the reporting module spear-phishing attacks against your CEO and finance team could go unseen.
What information will I see in OnDMARC?
Below is a screenshot of the information that will be shown in OnDMARC when the O365 reporting module is implemented.