In 2019, Microsoft included ARC support on their Microsoft 365 Roadmap, stating that “(ARC) is now enabled for Office 365 hosted mailboxes.” But at the time, it was only being used for Microsoft senders, or between Office 365 tenants. In 2022, they expanded this to include third party ARC sealers configured on a per-tenant basis.

Microsoft diagram, email message flow using ARC with Office 365

Diagram courtesy Microsoft Defender for Office 365 Blog

The original announcement described the benefits ARC could bring to the users of Office 365 who receive email that has been processed by intermediaries. These third parties might be outsourced help desk operators, or compliance and archiving solutions, or email security and anti-abuse providers. However the announcement ended with the caution that, at that time, ARC was only being evaluated for messages sent between Microsoft systems and/or customers, and that they “plan to add support for third party signers in the future.”

In June 2022, an article was published on the Microsoft Defender for Office 365 Blog that described ARC and how Office 365 tenants would be able to use a new “Trusted ARC Sealers” feature to identify intermediaries that they were using, whose authentication results – recorded in their ARC seals – should be used if they validated. An associated article (Make a list of trusted ARC Senders to trust legitimate indirect mailflows) described how Microsoft Defender 365 administrators could create a list of Trusted ARC Sealers.

This was a long-awaited development, though introduced rather quietly, and Microsoft deserves credit for helping to advance the utility of ARC for enterprise email users. It would be interesting to see what impact it has had for Office 365 tenants who have populated their Trusted ARC Sealers list since the announcement.