search

KelvinTegelaar / CIPP

CIPP is a M365 multitenant management solution
https://cyberdrain.com / https://cipp.app
GNU Affero General Public License v3.0
813 stars 5.03k forks source link

[Feature Request]: SMTP DANE/mx.microsoft enablement/readiness in report or individual domain check. #2887

Closed github-inosek-com closed 2 months ago

github-inosek-com commented 2 months ago

Description of the new feature - must be an in-depth explanation of the feature you want, reasoning why, and the added benefits for MSPs as a whole.

SMTP DANE with DNSSEC is now in public preview. Migrating customer over require the following to be evaluated:

  1. Is MTA-STS deployed (That's something already done in the individual domain check.)
  2. Is the domain already using the new MX format: .*.mx.microsoft
  3. Is DNSSEC enabled (That's something already done in the individual domain check and domain analyser.)

Having visibility in the Domains Analyser to see MTA-STS pass or missing and SMTP DANE pass or missing would be an invaluable tool for human error during the whole migration ordeal.

PowerShell commands you would normally use to achieve above request

Enable-DnssecForVerifiedDomain -DomainName Enable-SmtpDaneInbound -DomainName

Microsoft documention on it: https://learn.microsoft.com/en-us/purview/how-smtp-dane-works?view=o365-worldwide#how-can-exchange-online-customers-use-inbound-smtp-dane-with-dnssec-in-preview

Microsoft DNSSEC and DANE Validation Test: https://testconnectivity.microsoft.com/tests/O365DaneValidation/input

KelvinTegelaar commented 2 months ago

We currently have an Feature Request stop as we're doing a rewrite.