Exchange Online - No DKIM keys saved for this domain

I recently came across an interesting issue when attempting to enable DKIM for a domain in Exchange Online. When accessing the DKIM options via the Exchange Admin Center, I didn’t have the option to enable DKIM, and instead saw the “No DKIM keys saved for this domain” message shown in the screenshot below:

Fortunately, we are able to manage DKIM configuration via PowerShell. Once connected to Exchange Online, you can list the DKIM cmdlets using Get-Command (the module name below is the temporary module generated for the remote session, so yours will differ):

Get-Command -Module tmp_dmwhjqj3.m1c *dkim*

We can use the New-DkimSigningConfig cmdlet to enable DKIM for a particular domain:

New-DkimSigningConfig -DomainName domain.com -Enabled $True

Once run, you’ll notice that the Exchange Admin Center will now show DKIM as enabled for the domain. If you haven’t already, you’ll also need to create the relevant DNS records to ensure that DKIM functions correctly. The following records will be required:

  • selector1._domainkey.domain.com = CNAME: selector1-domain-com._domainkey.tenant.onmicrosoft.com
  • selector2._domainkey.domain.com = CNAME: selector2-domain-com._domainkey.tenant.onmicrosoft.com
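To confirm that both selectors are published and point at your own tenant, the check below builds the two expected CNAMEs from the pattern above and compares them with what DNS returns. It is an added example, not code from the original post; the function names are hypothetical, and domain.com and tenant.onmicrosoft.com are the placeholders used in this article.

```powershell
# Added example. Function names are hypothetical; domain and tenant values are placeholders.
function Get-ExpectedDkimCname {
    param(
        [Parameter(Mandatory)][string]$DomainName,    # e.g. domain.com
        [Parameter(Mandatory)][string]$TenantDomain   # e.g. tenant.onmicrosoft.com
    )
    # Pattern from the records listed above: dots in the domain become dashes.
    $label = $DomainName.ToLower().Replace('.', '-')
    foreach ($selector in 'selector1', 'selector2') {
        [pscustomobject]@{
            Name   = '{0}._domainkey.{1}' -f $selector, $DomainName
            Target = '{0}-{1}._domainkey.{2}' -f $selector, $label, $TenantDomain
        }
    }
}

function Test-DkimCname {
    param(
        [Parameter(Mandatory)][string]$DomainName,
        [Parameter(Mandatory)][string]$TenantDomain
    )
    foreach ($rec in Get-ExpectedDkimCname @PSBoundParameters) {
        # Resolve-DnsName ships with the Windows DnsClient module.
        $answer = Resolve-DnsName -Name $rec.Name -Type CNAME -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'CNAME' } |
            Select-Object -First 1

        $published = $null
        if ($answer) { $published = $answer.NameHost.TrimEnd('.') }

        # Missing: record not published. Mismatch: CNAME points somewhere
        # other than the expected tenant, so review it before relying on DKIM.
        $status = 'Mismatch'
        if (-not $published) { $status = 'Missing' }
        elseif ($published -ieq $rec.Target) { $status = 'OK' }

        [pscustomobject]@{
            Name      = $rec.Name
            Expected  = $rec.Target
            Published = $published
            Status    = $status
        }
    }
}

Test-DkimCname -DomainName 'domain.com' -TenantDomain 'tenant.onmicrosoft.com' |
    Format-Table -AutoSize
```

Run it after DNS changes have propagated; both rows should report OK.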

Fellow MVP Jaap Wesselius has a great post on SPF, DKIM and DMARC.