Microsoft 365 automatically sets up DKIM for onmicrosoft.com domains. No steps are needed to use DKIM for any initial domain names (like litware.onmicrosoft.com). For more information about domains, see Domains FAQ.
Since both 1024 and 2048 bitness are supported for DKIM keys, these directions will tell you how to upgrade your 1024-bit key to 2048 in Exchange Online PowerShell. The steps below are for two use-cases, please choose the one that best fits your configuration.
When you already have DKIM configured, you rotate bitness by running the following command:
Rotate-DkimSigningConfig -KeySize 2048 -Identity <Domain for which the configuration was set>
or
For a new implementation of DKIM, run the following command:
New-DkimSigningConfig -DomainName <Domain for which the configuration was set> -KeySize 2048 -Enabled $true
Stay connected to Exchange Online PowerShell to verify the configuration by running the following command:
Get-DkimSigningConfig -Identity <Domain for which the configuration was set> | Format-List
Below, please see a sample
Tip
This new 2048-bit key takes effect on the RotateOnDate, and will send emails with the 1024-bit key in the interim. After four days, you can test again with the 2048-bit key (that is, once the rotation takes effect to the second selector).
If you want to rotate to the second selector, after four days and confirming that 2048-bitness is in use, manually rotate the second selector key by using the appropriate cmdlet listed above.
For detailed syntax and parameter information, see the following articles: Rotate-DkimSigningConfig, New-DkimSigningConfig, and Get-DkimSigningConfig.
Ref: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-worldwide