Strategy for better compliance on MS 365

I am seeing some failures on the MS365 portal that was over 100% the week before.

We updated our settings to get the working on 11/16 and from 11/17 to 11/20 showing 100% compliance. Without making any changes, the compliance rate dropped off for that same subdomain.
Any ideas on how we need to get our subdomains recognized properly?

Hi Sean and welcome to the forums

The steps to take depend entirely on the reason of the compliance gap. A drop in compliance can have several causes. To name a few but by no means being a comprehensive list:

  • Domain DNS issues
  • Receiver DNS issues
  • Misconfiguration of email authentication mechanisms
  • SPF or DKIM failing due to a recent configuration change
  • Miscategorized forwarding causing SPF/DKIM compliance drop in data set, primarily due to DKIM failing.

These are some of the most common reasons why a compliance gap may be observed. It can be challenging to understand the cause of a gap simply by looking at the DMARC in some cases. For privacy reasons, I recommend you reach out to our support team at They will happily go over the data with you to help you come up with a troubleshooting approach to understand the reason of the gap and if any remediative action is necessary.

1 Like