Microsoft Azure SPF and DKIM configuration | EasyDMARC

Microsoft Azure SPF and DKIM configuration: Step By Step Guideline

4 Min Read
Microsoft Azure

This instructional article will demonstrate the Microsoft Azure configuration process of Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) Signatures to ensure Microsoft Azure passes the DMARC alignment check and eliminate spam from your domain and increase security.

The SPF record identifies the mail servers and domains that are allowed to send email on behalf of your domain. The DKIM record, on the other hand, is a specially formatted DNS TXT record that stores the public key the receiving mail server will use to verify a message’s signature. These email authentication methods will be used to prove to ISPs and mail services that senders are truly authorized to send email from a particular domain and are a way of verifying your email sending server is sending emails through your domain.

The process of verifying your domain

In order to verify your domain in Microsoft Azure, please follow these steps:

  1. Login and head to your Microsoft Azure dashboard
  2. Go the overview page of the Email Communications Service resource that you created earlier
  3. Click on Setup in Setup a Custom Domain section
  4. Click Add domain on the upper navigation bar
  5. Select Custom domain from the dropdown
  6. Navigate to Add a custom Domain
  7. Enter your “Domain Name” and re enter domain name
  8. Click Confirm
  9. Click on Add
  10. After finishing the adding section, click on Verify Domain
  11. You will be navigating to Verify Domain via TXT record section
  12. Add theTXT record mentioned in this section
  13. Verify that TXT record is created successfully in your DNS and Click Done
  14. DNS changes take up to 15 to 30 minutes. Click Close
  15. Once your domain is verified, you can add your SPF and DKIM records to authenticate your domains

The process of configuring SPF

In order to verify your domain in Microsoft Azure on SPF, please follow these steps:

  1. Create a new TXT record
  2. Input the DNS name as <subdomain name>
  3. Input the DNS value as v=spf1 ~all
  4. Save the record
  5. Wait up to 72 hours to allow your DNS to process the changes

Important Note: Microsoft Azure employs the default SPF configuration, exactly like Microsoft 365/Outlook. If you already have this source in your SPF record, there’s no need to add it again.

Screenshot below will show you the example of the SPF record. We’ll be using CloudFlare for this example.

Important Note: Each domain must have only one SPF TXT Record. If you have multiple SPF Records, SPF will return a PermError

If you are using multiple IPs, ESPs, Third-Party services for your various email strategies, you should include them in a single SPF Record.
E.g v=spf1 ip4: ~all

The process of configuring DKIM

In order to authenticate Microsoft Azure on DKIM, you need to create 2 CNAME record. Please follow these steps:

  1. Login and head to your DNS Zone provider
  2. Create a new CNAME record
  3. Input the DNS name as selector1-azurecomm-prod-net._domainkey
  4. Input the DNS value as
  5. Save the record

Repeat steps 2-5 to add the second DKIM key:

DNS Name: selector1-azurecomm-prod-net._domainkey

DNS Value:

Screenshot below will show you the example of the DKIM records. We’ll be using CloudFlare for this example.

Important Note: please make sure to disable the Proxy Status and let it to remain on DNS Only.

  1. Once you have added both SPF and DKIM, navigate to Provision Domains and confirm that Domain Status is in Verified state
  2. Once your sender authentication configurations are successfully verified, your email domain is ready to send emails using custom domain

Congratulations, you now successfully authenticated your outgoing mail stream from Microsoft Azure with SPF and DKIM.

Various authors from EasyDMARC teams have contributed to our blog during company's lifetime. This author brings everyone together.


Inline Feedbacks
View all comments

succees We’re glad you joined EasyDMARC newsletter! Get ready for valuable email security knowledge every week.

succees You’re already subscribed to EasyDMARC newsletter. Continue learning more about email security with us