Freddie Leeman
Microsoft (Outlook.com and Outlook Enterprise) has ceased issuing DMARC reports. We observed an 85% reduction from the 22nd of February and a further 99% decrease from the 23rd. As of yesterday, we haven't processed any reports from them.
Feb 29, 2024 at 10:53pmWeb
Show threadFreddie LeemanFeb 29, 2024

It seems Microsoft is dispatching DMARC reports, but there's an issue with their SMTP transmission.

Rather than using the standard format
MAIL FROM: <[email protected]>

they are including additional attributes:
MAIL FROM: <[email protected]> XATTRDIRECT=Originating XATTRORGID=xorgid:<GUID>

resulting in a syntax error, causing the emails not to get delivered and processed.

Show threadnakFeb 29, 2024
@freddieleeman you probably now need an E5 license to receive the reports
Show threadFreddie LeemanFeb 29, 2024
Turns out that Microsoft is unable to do basic SMTP communication: https://techcommunity.microsoft.com/t5/exchange/microsoft-dmarc-aggregate-report-smtp-issues/m-p/4072531
Microsoft DMARC aggregate report SMTP issues

Since 2024-02-24 06:46:45 UTC, we've stopped processing Microsoft's DMARC reports. An investigation revealed that the issue stems from Microsoft's..

TECHCOMMUNITY.MICROSOFT.COM
Show threadJoshua SmallMar 1, 2024

@freddieleeman They also don't "Reject" properly. If your domain is set to dmarc=reject, and your Office 365 policy is set to "honour dmarc reject", every time I send you a spoofed email from yourself you will receive a bounce message with the malicious email attached.

MS Security confirmed WONTFIX. It's a form of filter bypass because even content that would be blocked by malware detection now lands in your inbox.