Share via

Dedicated email for the Azure services

Ishan Herath 40 Reputation points
2025-04-17T06:17:46.9133333+00:00

We are going to use Azure SendGrid SaaS for our email migration. For the moment, we are using my company's email, like myname.XXXXatcompany.com, for testing the service, but when we go live, what is the best practice? I noticed there is a possibility to use the dedicated email address for the service, like sendgridXXXatcompany.com. Meanwhile, there are some ISO27K and GDPR recommendations not to use shared accounts then What is the common and best use for subscribing to the Azure service?

Azure App Configuration
Azure App Configuration
An Azure service that provides hosted, universal storage for Azure app configurations.
257 questions
Accepted answer
  1. Ravi Kanth Koppala 3,391 Reputation points Microsoft Employee Moderator
    2025-04-22T17:52:05.74+00:00

    Hi @Ishan Herath

    It looks like you're figuring out the best practices for using Azure SendGrid for your email migration. Here’s a summary of what you should consider:

    Avoid Personal Accounts for Production: While it’s fine to use your company email for testing, it’s essential to have a dedicated email for production. This prevents access issues when personnel changes occur and maintains better oversight.

    Be Cautious with Shared Accounts: Using shared or generic mailboxes is not recommended without proper governance in place. Ensure that access is controlled, traceable, and auditable, especially considering GDPR and ISO certifications.

    Use Dedicated, Managed Service Accounts: Set up a dedicated service account for SendGrid that isn’t tied to a single employee. This should be managed through your organization’s identity governance, like Azure Active Directory (AAD). Implement Multi-Factor Authentication (MFA) and Conditional Access where needed.

    Consider Domain and Branding: It’s a good idea to create a dedicated subdomain for your emails, like emails.company.com, to improve deliverability and maintain reputation management.

    Monitor and Audit: Log access to the Azure portal and SendGrid accounts for security and compliance purposes. Ensure you're rotating API keys regularly and restricting IP access as feasible.

    Here are some follow-up questions to help clarify your situation:

    • Are you currently using any specific Azure services apart from SendGrid for your email needs?
    • Do you have a team or individual dedicated to managing the email service and ensuring compliance?
    • What’s your timeline for going live with the new email setup using Azure SendGrid?
    • Are there any specific compliance requirements or policies your organization must adhere to that we should consider? I hope this helps you get on the right track! If you have more questions, feel free to ask.
    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vinodh247 33,696 Reputation points MVP Moderator
    2025-04-18T16:54:06.2+00:00

    Hi ,

    Thanks for reaching out to Microsoft Q&A.

    When using Azure services like SendGrid for production workloads, especially for email-related workflows, the best practice involves balancing operational efficiency, compliance, and security.

    Here is a breakdown of what you should consider:

    1. Do Not Use Personal/Named Accounts for Production

    Using personal accounts like ******@company.com is acceptable for testing, but not for production. Reasons:

    Non-transferable: When the employee leaves, access can be lost or complicated.

    Audit & accountability issues.

    1. Do Not Use Shared/Generic Mailboxes Without Proper Governance

    GDPR and ISO/IEC 27001 (ISO27K) discourage shared accounts unless:

    They are well-controlled.

    • You implement RBAC (rbac).

    Access is traceable and auditable.

    1. Best Practice for Production Usage with Azure SendGrid:

    Use a Dedicated, Managed Service Account

    Example: ******@company.com, ******@company.com, ******@company.com

    Register this as a functional mailbox or service principal and not tied to a single person.

    • Manage it via your organization's Identity Governance (ex: AAD).

    Enable MFA and Conditional Access

    If interactive login is required for portal access or API key management.

    Use SendGrid API Keys

    Generate API keys with least privilege.

    Rotate API keys periodically.

    Restrict IPs for API usage if possible.

    Audit and Monitor Access

    Log who has access to:

    Azure portal subscription.

    SendGrid dashboard/API.

    Email templates and sending domains.

    1. Domain and Branding

    Set up a dedicated subdomain for transactional emails:

    • for example., emails.company.com, notifications.company.com

    Improves deliverability, allows DKIM/SPF/DMARC alignment, and avoids affecting your root domain reputation.

    1. Azure Subscription Ownership
    • Use AAD Groupbased access to manage role assignments.

    Avoid giving subscription ownership to personal accounts.

    • Use Service Principals or Managed Identities where applicable.

    Please feel free to click the 'Upvote' (Thumbs-up) button and 'Accept as Answer'. This helps the community by allowing others with similar queries to easily find the solution.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.