Merge pull request #5341 from MithunRathinam/patch-40

Update email-authentication-dkim-configure.md

Author: chrisda

defender-office-365/email-authentication-dkim-configure.md

@@ -5,7 +5,7 @@ f1.keywords:
 author: chrisda
 ms.author: chrisda
 manager: bagol
-ms.date: 10/06/2025
+ms.date: 10/22/2025
 audience: ITPro
 ms.topic: how-to
 
@@ -503,6 +503,11 @@ If you'd rather use PowerShell to rotate DKIM keys for a domain, connect to [Exc
 
    To confirm the corresponding public key that's used to verify the DKIM signature (which infers the private key that was used to sign the message), check the **s=** value in the **DKIM-Signature** header field (the selector; for example, `s=selector1-contoso-com`).
 
+   > [!IMPORTANT]
+   > If you change the bit depth of DKIM keys from 1024 to 2048 using the _KeySize_ parameter, the update applies only to the next active selector during the first key rotation. When you rotate keys again, the previously inactive selector becomes active, and the bit depth is also updated to 2048.
+   >
+   > When you rotate DKIM keys on a domain, the change isn't immediate. It takes four days (96 hours). While the key rotation is in progress, you can't do another key rotation.
+
 For detailed syntax and parameter information, see the following articles:
 
 - [Get-DkimSigningConfig](/powershell/module/exchangepowershell/get-dkimsigningconfig)