Thanks Chris - the extra info/context is super helpful.

We have a tool in place (like Agari) to aggregate the reporting to then use in building out our SPF and DKIM setup in prep for DMARC - we're just missing so much not having reporting/telemetry coming from O365 and feeding into the tool we use.

I'm not ready to give up on this one just yet - so will keep poking to see if I can get something more.

Cheers,

Scotty

@MathBSQ 

Valimail is a reporting tool (similar to something like Dmarcian), this doesn't address the issue of Microsoft not sending DMARC reports. 

For example I run HelpScout as a help desk for one business, DKIM, SPF and DMARC are all configured. I can see that Google, Yahoo, etc. are receiving emails from Helpscout and they are passing and domain aligned. Great.

But then a customer tells me the emails are going to his junk folder, I check and he is on Office365...

I have no visibility from Microsoft servers if they are happy with the email authentication or not. I assume they are, but I have no idea. I also have no idea if anyone is trying to spoof our domain to Office365 users.

The same problem if I am helping other clients not on Office365 with their deliverability...

I just don't understand why Microsoft wouldn't comply with the DMARC reporting like all the othe big providers?

Thanks @Christopher Hoard 

My question is less about report aggregation (like Agari) and more about MS producing DMARC failure and aggregate reports from O365 (like Gsuite and others do) that are sent to whoever we specifcy in our DMARC record so we can then do the aggregation.

Without DMARC reporting generated from O365 - we're missing a huge amount of data/visibiltiy into what is passing and failing our DMARC records.

Thanks @Christopher Hoard 

Yeah, no problems.  I've tried the last couple of times I was in Redmond to find the right person within O365 to understand where this sits but haven't had a huge amoutn of luck.

Apprecaite the responses.

Cheers!

@Christopher Hoard 

This Uservoice is currently #7 in General... 

https://office365.uservoice.com/forums/264636-general/suggestions/11094318-dmarc-aggregate-reports-f...

General is probably not the best place for it, but surely that should get it some attention?

I feel like a few high profile tech/security reporters need to write up a scathing article or 3 about about this to get some traction...

@Mark Penney 
"Valimail is a reporting tool (similar to something like Dmarcian), this doesn't address the issue of Microsoft not sending DMARC reports. "
This seems odd, as Microsoft promotes this service and Valimail says it completes O365. And their service is free specially for O365 customers!
Just made an account with them, waiting for any data to appear to the dashboard. 
If this works, it tells that MS is letting the reports to certain partners, but not all. Then we might discuss about visibility and equality....

@dolce-anthonyhave you seen this - https://www.microsoft.com/security/blog/2021/09/01/get-free-dmarc-visibility-with-valimail-authentic... "September 1, 2021 Get free DMARC visibility with Valimail Authenticate and Microsoft Office 365"