Hi Simon Khera, The DKIM domain enhancement to Advanced Delivery is expected to release at the end of September. (Please see M365 Roadmap item: Feature ID 82083). As mentioned in my above response to a similar question: If specifying 10 sending domains doesn’t meet a phishing simulation vendor's needs, they could instead sign all of their messages with a phishing simulation vendor DKIM domain. The limit on the domain field is still 10 (can be a mix of P1 sending domains and DKIM domains). The security admin (end user customer) would then have the option to enter either sending domain or the one phish sim vendor's DKIM domain via the new advanced delivery policy based on the phishing simulation vendor's guidance. The DKIM domain creates another secure option giving customers the flexibility to utilize sending domains and/or DKIM domains. In order for this option to work, the phishing simulation vendor will need to implement DKIM domain in their phishing simulation offerings to customers. We will continue to evaluate the solution and welcome engaging and collaborating with phishing simulation vendors on their specific phishing simulation campaign needs and how to best configure in Defender for Office 365 with security in mind.
Please stay tuned for more info. We will be releasing a message center post for the upcoming release with additional details shortly.