SPF, DKIM and DMARC bypassed for guest users
I manage a small non-profit using Microsoft 365 Business Basic. Most of the people on our board of directors are added as unlicensed guest users so that they can participate in Teams chats and meetings and to access our Sharepoint without using up a license. The problem: any email sent from an internal licensed user (or shared mailbox) to one of these guest users completely bypasses our domain's SPF, DKIM and DMARC configuration, resulting in bounced emails (particularly for recipients using gmail). Mail sent from an internal licensed user to any external address NOT registered as a guest user correctly passes SPF, DKIM and DMARC checks. I gather that this is because guest users are viewed as "internal" despite having external email addresses, but it seems like a serious limitation if I cannot reliably send email to anyone who is a guest user. Is there any extra configuration I can do to enable SPF, DKIM and DMARC for email to guest users?
I Can't use my own name to create a new Microsoft account in India.
I am an Indian Microsoft user, my full name is Aryan Rajput, which is legally registered by my parents in my country Republic of India. I don't know any norms of European countries about registering names, I don't know what restrictions are made, I can clarify my name, in my present situation is legal and legit. Moreover, none of my associates (including my parents) are pro-Nazi, and let me tell you leader of Nazism (I don't want to tell his name here hence I might be banned maybe) inspired by Indian culture and adopted terms like my name (Aryan means noble). Hence Microsoft should allow me to adopt my name in creating new account, because it's my right! At least they must allow in India where it is legal I hope the management would take necessary steps accordingly
revision de ortografia en outlook
Hola comunidad!!! en la nueva version de outlook tengo elegidos 2 idiomas: cuando se escribe texto en ingles sale todo marcado si realizo el cambio de idioma preferido a Ingles funciona, pero después al crear un nuevo correo en español salen marcadas todas. como hacer para que esto no suceda independiente del idioma en que se crea el correo, es decir que sea detectado de forma automatica e indique correcciones ortográficas segun lo que se escriba, en las opciones de idiomas de correcccion aparece hasta 3 idiomas.. falta algo por configurar?? Gracias...Creating a Microsoft 365 Retention Policy for Shared Mailboxes
After being asked whether licenses are needed to include shared mailboxes in Microsoft 365 retention policies, I investigated and found that licenses are not. This led to a consideration of the steps needed to create a special retention policy for shared mailboxes (with PowerShell, naturally) and how to avoid retention setting collisions with other policies. All explained in detail here. https://office365itpros.com/2025/08/05/shared-mailboxes-retention/M365 Backup Only Covers 1,000 Users
Hello everyone, I have a question: I created an Exchange backup policy using a dynamic rule based on security groups that include around 140,000 accounts. However, when I reviewed the policy 3–4 days later, it seems that only 1,000 accounts are actually included in the backup. Is there a known limitation on the number of accounts supported by dynamic rules in backup policies? Or could this be a configuration issue? Thanks in advance for your help! Simon EmeryCompliance search is not returning any data (Powershell)
At our organization, we have an SOP for purging phishing emails from all mailboxes. Part of that is creating a search and then examining it for any legit emails before going on to the purge step. The commands below are no longer returning any data, and they used to work. What has changed? PS C:\Windows\system32> Connect-IPPSSession -UserPrincipalName email address removed for privacy reasons PS C:\Windows\system32> New-ComplianceSearch -Name "Broken" -ExchangeLocation All -ContentMatchQuery 'Subject:"invoice"' Name RunBy JobEndTime Status ---- ----- ---------- ------ Broken NotStarted PS C:\Windows\system32> Start-compliancesearch -identity "broken" PS C:\Windows\system32> Get-compliancesearch -identity "broken" Name RunBy JobEndTime Status ---- ----- ---------- ------ Broken admin 7/14/2025 8:17:09 PM Completed PS C:\Windows\system32> Get-ComplianceSearch -Identity "broken" | >> Select-Object Name, Status, ItemsFound, Size, CreatedBy, CreatedTime | >> Export-Csv -Path "C:\filename.csv" -NoTypeInformation The resultant .csv has only the headers, but no information about emails, so any purge commands have nothing to purge. Thank youTurning off email notifications about new comments in one certain file
Hi All! I found a solution to turn off all email notifications on new comments in my shared files (through settings on SharePoint), but it doesn't really solve my problem. In project files I work on with my colleagues, email notifications are helpful for monitoring workflows and streamline the process. At the same time, I'm an owner of yearly excel files shared with a big team in order to monitor the work on all clients and automate the visualization of it, but it gets commented on a lot and I don't need to get all of that on my Outlook. Is there any way to turn off email notifications about new comments for just one file without turning them off on all my shared files? Kind regards, Jakub BanasikThe Art of Corporate Domain Rebranding in Microsoft 365: Technical and Compliance Challenges
Introduction Corporate domain rebranding is often perceived as a simple marketing change — a new name, refreshed logo, and website updates. However, within Microsoft 365 environments, rebranding becomes a complex technical operation impacting identity systems, authentication, collaboration tools, compliance archives, and user experiences. Having led multiple major domain rebranding initiatives, I’ve uncovered strategic and technical challenges organizations must anticipate, along with best practices to ensure seamless transformation. Key Technical Challenges in Domain Rebranding 1. Email Identity and Legacy SMTP Preservation Every user, shared mailbox, and distribution list must be readdressed, preserving historical SMTP aliases for continuity and legal compliance. Reference: https://learn.microsoft.com/en-us/exchange/email-addresses-and-address-books/email-address-policies/email-address-policies 2. OneDrive for Business and SharePoint Online URL Dependencies Rebranding requires careful planning for OneDrive and SharePoint URLs, tied to the tenant’s primary domain. Microsoft now supports renaming SharePoint domains — a feature I implemented to transition from legacy SharePoint domains to new branded domains using PowerShell and Microsoft’s supported process. Reference: https://learn.microsoft.com/en-us/sharepoint/change-your-sharepoint-domain-name 3. Authentication and Directory Synchronization Impacts When using Microsoft Entra Connect (Azure AD Connect), all User Principal Names (UPNs) must be adjusted to reflect the new domain, ensuring no disruptions to hybrid synchronization or Conditional Access policies. Reference: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-sync-staging-server 4. Microsoft Teams and External Federation Teams relies on domain-based routing. Updating the primary domain affects federation trust and meeting invitations, requiring proactive partner communication. 5. Compliance and eDiscovery Integrity Archived content in Exchange Online, SharePoint, and Teams must maintain legal hold continuity and eDiscovery searchability, even after email addresses change. Reference: https://learn.microsoft.com/en-us/microsoft-365/compliance/ediscovery 6. Office 365 Apps: Identity, Activation, and Licensing Breaks Apps like Outlook, Teams, Word, Excel, and OneDrive cache user credentials and domain suffixes. Rebranding can cause: Activation failures Sign-in errors in Outlook or Teams Cached credential conflicts Strategic Solutions and Best Practices 1. Dual SMTP Strategy Add the new domain as the primary SMTP, retaining previous addresses as secondary aliases to maintain continuity, customer service, and compliance. 2. OneDrive and SharePoint Communication Plan Prepare user communication plans, support documentation, and staged URL testing before renaming SharePoint Online domains. 3. UPN and Sign-In Alignment Sequence UPN updates carefully in hybrid environments, testing Conditional Access, SSO, and MFA in staging before deployment. 4. Teams External Federation Refresh Inform external partners of domain changes, validate federation re-establishment, and update meeting templates. 5. Maintain eDiscovery Chain of Custody Document every mailbox address change. Confirm Microsoft Purview holds and content searches remain intact for both old and new identities. 6. Office 365 Apps Rebinding Strategy Communicate expectations clearly Instruct users to sign out before cutover Push credential cache clearing via script or Intune Re-authenticate apps post-UPN change Lessons Learned Rebranding is an identity transformation, not just cosmetic. Office apps can silently break; proactive reconfiguration avoids support spikes. Testing is non-negotiable. Communication reduces user friction and IT escalations. SharePoint domain renaming works with precision when following Microsoft’s official process. Conclusion Corporate domain rebranding in Microsoft 365 is a delicate balance of technical precision, compliance management, user experience preservation, and Office app continuity. Done correctly, it strengthens organizational agility and brand alignment without sacrificing trust. Cloud identity is brand identity — and managing it well is an art. About the Author Gonzalo Brown Ruiz is a Senior Microsoft 365 Engineer and Cloud Security Specialist with over 21 years of experience delivering secure, compliant, and resilient cloud environments across North America and Latin America. Specialized in Microsoft Teams, Exchange Online, OneDrive for Business, SharePoint Online, Microsoft Purview, and Entra ID.
