SLM Rijk Forum Standaardisatie letter DANE Exchange Online
Content
Confidential
Vergadering: Forum Standaardisatie 12 april 2023
Agendapunt: 5C
Documentnummer: FS-20230412.5C
Download hier de PDF versie van dit vergaderstuk. Wij kunnen de digitale toegankelijkheid van het PDF bestand niet garanderen.
Rechten: CC0 publieke domein verklaring
30 January 2023
Dear [verwijderd]
Re: Concerning Lack of Support for DANE and IPv6 on Exchange Online
Further to my letter to you of 20th January, 2023, I am responding to your letter dated 2nd January 2023, concerning Inbound Support for DNSSEC/DANE for SMTP to Exchange Online and IPv6 on Exchange Online.
DANE (secure mail transport)
Again, I would like to start by thanking you for the constructive dialogue on this topic to-date and to express my desire and intent that we remain in a constructive dialogue moving forward. Indeed, it has been partly as a result of the past dialogue between our organizations, and as part of Microsoft’s ongoing commitment to help improve security, that we have made considerable progress in adding DANE support for Microsoft’s products, including that Microsoft now supports DANE for outgoing mail.
With regard to the July 2023 target date that was communicated for deployment of inbound support for DANE in Exchange Online, I have to inform you that Microsoft now expects a delay to this milestone. The reason for this delay is a combination of resourcing constraints and critical stability priorities arising for engineering teams working on technology fundamental to this functionality. I stress however that this anticipated delay does not change Microsoft’s intention to support this feature.
We apologize for the change in our schedule, and we will get back to you as soon as possible to let you know the new target date. As I am sure you will appreciate, any target date regarding an implementation of change involving such complexity can only ever be an estimate and is always subject to change. It is for this reason that on our Microsoft 365 roadmap site we have stressed that a target date is always an estimate.
Until Microsoft supports this feature, and to demonstrate our good faith, please note the following:
- We are exploring, similar to what we did with outbound DANE, whether we will be able to offer a selected subset of government tenants a private preview access to this feature once implementation is nearing To facilitate this approach, we would be happy to setup a meeting with Microsoft’s engineering team to explore the approach we could take for such a preview;
- M365 employs many other different security methods and mechanisms that also mitigate against the risks that DANE seeks to address. In the absence of DANE, there are therefore other security measures integrated into the M365 platform that also provide complimentary protections to DANE. We would be happy to explain this further and to support you in explaining this to your stakeholders;
- We would also as a matter of courtesy point out that any customer who seeks full DANE compliance today has the option of using a third-party solution to achieve this.
IPv6 (reachability)
Microsoft will assist SLM Rijk and Forum Standaardisatie in a common process to assist governmental entities that have not yet enabled IPv6. We will provide a dedicated Customer Success Account Manager from our specialist Public Sector Team, who can assist a governmental entity that experiences problems after following the step-by-step IPv6 activation plan.
We therefore propose a meeting between SLM Rijk, Forum Standaardisatie and Microsoft to align on this process and create awareness to assist the remaining entities for IPv6 implementation.
On behalf of Microsoft, I want to thank you for the ongoing collaborative engagement, and I look forward to making continued progress enabling the Dutch Government in its deployment and adoption of Microsoft Online Services.
With kind regards,
[handtekening verwijderd]
[naam verwijderd]