Will Microsoft support MTA-STS for the *.onmicrosoft.com fallback domains so that we can enforce TLS for email submissions, e.g. from on-premises email servers?
We tried doing this ourselves, but we would need to obtain an SSL certificate for mta-sts.<tenantdomainname>.onmicrosoft.com - this is not possible to obtain from our external certificate authority (e.g. Azure CDN) since we cannot create CNAME records via https://admin.microsoft.com/.
However, wouldn't it make more sense for Microsoft to publish a default mta-sts.<tenantdomainname>.onmicrosoft.com for ALL domains, including TXT records, which would improve tenant security for everyone? Can't see why you wouldn't want to do this.