
DKIM

Upgrade 1024 to 2048 bits on a domain

Get the GUID:

Get-DkimSigningConfig -Identity <Domain for which the configuration was set> | Format-List

Upgrade (takes 4 days to rotate):

Rotate-DkimSigningConfig -KeySize 2048 -Identity {Guid of the existing Signing Config}

Check:

Get-DkimSigningConfig -Identity <Domain for which the configuration was set> | Format-List

DKIM for new domain

Generate the config (if one does not already exist):

New-DkimSigningConfig -DomainName example.com -KeySize 2048 -Enabled $false

Create the DNS records:

Host name:

selector1._domainkey.example.com

Points to:

selector1-example-com._domainkey.exampletenant.onmicrosoft.com

Host name:

selector2._domainkey.example.com

Points to:

selector2-example-com._domainkey.exampletenant.onmicrosoft.com

Enable

Set-DkimSigningConfig -Identity example.com -Enabled $true

Rotate the keys if needed as per above.

Why?

If one selector is blank, or if a key is somehow still on 1024 bits.
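
A check covering both procedures above, added here as an example and not part of the original notes: it compares each selector's published CNAME with the target from the signing config and flags selectors that are blank or below 2048 bits. It assumes a connected Exchange Online PowerShell session, the Windows Resolve-DnsName cmdlet, and the Selector1CNAME / Selector1KeySize style properties shown by Get-DkimSigningConfig | Format-List; the function name Test-DkimSelectors is hypothetical.

```powershell
# Added example. Assumes: connected Exchange Online session, Windows DnsClient module.
# Test-DkimSelectors is a hypothetical helper name; example.com is this page's placeholder.
function Test-DkimSelectors {
    param([Parameter(Mandatory)][string]$Domain)

    $cfg = Get-DkimSigningConfig -Identity $Domain

    foreach ($n in 1, 2) {
        $hostName = "selector$n._domainkey.$Domain"
        $expected = $cfg."Selector${n}CNAME"     # target Exchange Online expects
        $keySize  = $cfg."Selector${n}KeySize"   # empty if the selector has no key

        # What is actually published in DNS. A missing record can return an SOA
        # in the authority section, so keep only real CNAME answers.
        $answer = Resolve-DnsName -Name $hostName -Type CNAME -ErrorAction SilentlyContinue |
                  Where-Object { $_.QueryType -eq 'CNAME' } |
                  Select-Object -First 1
        $published = if ($answer) { $answer.NameHost.TrimEnd('.') } else { $null }

        [pscustomobject]@{
            HostName    = $hostName
            Expected    = $expected
            Published   = $published
            # -eq on strings is case-insensitive, which matches DNS name comparison.
            CnameOk     = [bool]$expected -and ($published -eq $expected)
            KeySize     = $keySize
            NeedsRotate = (-not $keySize) -or ($keySize -lt 2048)
            SigningOn   = $cfg.Enabled
        }
    }
}

# Run before Set-DkimSigningConfig -Enabled $true, and again after a rotation.
Test-DkimSelectors -Domain example.com | Format-Table -AutoSize
```

Enable signing only when CnameOk is True for both selectors; a row with NeedsRotate set to True is the case the rotation step is for.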