MSDigest.net - Microsoft 365 insights from the field

Email Security Foundations #06 – DKIM: key rotation, third-party senders and troubleshooting

2026.05.19 by Peter Schmidt

This post is part of the Email Security Foundations series on MSDigest.net. Rotating DKIM keys Key rotation is good practice. If a private key is ever compromised, rotating limits how long an attacker can use it. Exchange Online makes this easy. How to connect to Exchange Online using PowerShell to rotate the DKIM Keys. After rotation Exchange Online switches to the other selector automatically. The old selector stays valid for a while so messages already …

Microsoft Purview reference architecture diagrams – what’s in them and why it matters

2026.04.14 by Peter Schmidt

Microsoft published a set of reference architecture diagrams for Purview. If you work with M365 data protection, they’re worth reading. There are 11 diagrams, from the Microsoft Purview Customer Excellence Engineering team, covering the full stack: They’re reference flows, not implementation guides. They won’t tell you how to build a policy, but they help you understand why one behaves the way it does, which is often more useful. Where to find the diagrams All diagrams …

Email Security Foundations #05 – DKIM deep dive: signing, selectors and how verification works

2026.05.192026.03.20 by Peter Schmidt

This post is part of the Email Security Foundations series on MSDigest.net. What DKIM actually does DKIM stands for DomainKeys Identified Mail. Where SPF checks where a message came from, DKIM proves that the message hasn’t been changed while it was in transit. When you send an email, your mail server adds a cryptographic signature to the message. When the receiving server gets it, it looks up your public key in DNS and uses that …

Email Security Foundations #04: SPF mistakes, troubleshooting, and validation

2026.03.19 by Peter Schmidt

This post is part of the Email Security Foundations series on MSDigest.net. The mistakes that break SPF quietly SPF usually does not fail in loud or obvious ways. Mail does not bounce with a helpful error message. It just gets filtered, delayed, or rejected somewhere else. You only find out when someone eventually asks, “Did you get my email?” These are the mistakes I see most often, and how to fix them. Multiple SPF records …

Is Your On-Premise Exchange Server Ready for March 22nd 2026?

2026.03.192026.03.18 by Peter Schmidt

If you run an on-premises Exchange Server or any Windows-based SMTP relay that sends mail to or receives mail from Exchange Online, then you might have a hard deadline coming up: March 22, 2026. Miss it, and you can risk breaking your mail flow, if the Root Certificates used by Exchange is not updated. What Is Changing Microsoft Exchange Online is switching its TLS certificates to the DigiCert Global Root G2 certificate authority. This is …

Microsoft 365 insights from the field

A blog by Peter Schmidt about Security, Identity, Email Protection, Compliance, AI & Copilot, and Tenant-to-Tenant migrations