You are using the DLP Cloud Service for Email and need to add your Microsoft administrative domain (i.e., "domain.onmicrosoft.com") to the listed of Validated Domains for your Detector.
You need to know how to get the required TXT record for this domain updated, since you don't own the "onmicrosoft.com" domain.
In order to add any domains to the DLP configuration, you need to be able to add a specific domain validation code as a TXT record for the domain.
Release : 15.7
This solution is only required if both of the following are true:
Using the O365 Admin Center, it is possible to add a specific TXT record as a "Custom" record for your domain.
On saving the changes, wait for DNS to populate the update. This can be checked via NSLOOKUP of the TXT record, as we as via the MXTOOLBOX.com website.