I think you are fine - even with multiple, it should be fine.
To test it, send an email to an outlook.com address (probably works to gmail and others, but not aol) and look at the headers. If you are happy with the format, don't worry about it.
This is from my tenant with several domains - i didn't set up records for this domain and the header shows this for the DKIM:
Code:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mytenant.onmicrosoft.com; s=selector1-mydomain-net;
h=From:Date:Subject:Message-ID:Contenanttent-Type:MIME-Version;
bh={hash code}; b={signed field}
I set up a custom DKIM record for it (to verify the steps works) and now the DKIM in the header looks like this:
Code:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= mydomain-net;
s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh={hash code}; b={signed field}
For DKIM, you need 2 records - i use godaddy for dns and used these values:
CNAME is selector1._domainkey
Points to selector1-mydomain-net._domainkey.mytenant.onmicrosoft.com
Create a second set using selector2 instead of selector1.
If the value isn't correct, when you try to enable it, office 365 will give you the correct value to use.
I got this back from powershell (the web interface method will also show it, but its harder to copy)
Code:
PS D:\Documents\WindowsPowerShell> New-DkimSigningConfig -DomainName outlook-tips.net -Enabled $true
WARNING: The config was created but can't be enabled because the CNAME records aren't published. Publish the following
two CNAME records, and then enable the config by using Set-DkimSigningConfig.
selector1-outlooktips-net01i._domainkey.Cdolive.onmicrosoft.com
selector2-outlooktips-net01i._domainkey.Cdolive.onmicrosoft.com
DMARC is one text record:
_dmarc
v=DMARC1; p=quarantine
The recommendadtion is to use p=none to test, but if you aren't using 3rd party mailing services, quarantine is probably ok.