Forum Discussion
Usage Of Custom Email Domain for Viva Engage communications
Can you use a custom domain for all Viva Engage communications?
Currently there's security concerns that emails from Viva Engage can not be allow listed since they use the same domain other tenants use.
We have security concerns this maybe exploited by attackers looking to exploit the platform in malicious email attacks.
What controls are there (if any) to send engagements from our custom accepted domain for the tenant so our cybersecurity teams don't have security concerns?
Also can you provide documentation that keeps the platform from being exploited by a threat actors from targeting other Microsoft 365 tenants? What controls have been implemented to keep this from being active exploited? Or has this been considered?
This has legitimate concerns from our cybersecurity teams.
Defender 365 solutions are not an acceptable answer.
2 Replies
Best to contact Microsoft support and your Microsoft account team with this concern. AFAIK the emails cannot be customized (nor can the emails that come from SharePoint, OneDrive, or Teams).
Thanks for your reply. This was mainly to get visibility to a growing problem we are seeing abused as Threat Actors utilize 365 tenants for their attacks.
