As Microsoft cloud services have grown over the years, the domain space they live on has grown as well – into the hundreds. Over time, this fragmentation has created increasing challenges for end user navigation, administrative simplicity, and the development of cross-app experiences.
That’s why today we’re excited to announce that Microsoft is beginning to reduce this fragmentation by bringing authenticated, user-facing Microsoft 365 apps and services onto a single, consistent and cohesive domain: cloud.microsoft.
Benefits of a unified domain
Consolidating authenticated user-facing Microsoft 365 experiences onto a single domain will benefit customers in several ways. For end users, it will streamline the overall experience by reducing sign-in prompts, redirects, and delays when navigating across apps. For admins, it will drastically reduce the complexity of the allow-lists required to help your tenant stay secure while enabling users to access the apps and services they need to do their work. And for all our customers – and our developers – it will lay a foundation for better and tighter integration across the Microsoft 365 ecosystem by streamlining development and improving performance of cross-app experiences.
‘Dot brand’ top-level domains like .microsoft are an established method for enhancing the security, trustworthiness, and integrity of an organization’s web offerings. Similar to how the US government has exclusive rights to the .gov top-level domain (TLD), Microsoft has exclusive rights to the .microsoft TLD. Exclusive ownership enables enhanced security protocols and governance controls, and the value of security investments made at the top-level domain seamlessly accrues to the apps. And all experiences hosted on the .microsoft domain can be assumed to be legitimate and authentic: anyone attempting domain spoofing would have to go through Microsoft itself, as we are both the registry operator and sole registrant for this exclusive, trusted namespace.
A common term before the “dot” is also necessary in order to realize the full benefits of a unified domain. “Cloud” was selected as a durable, extensible, neutral term with a meaningful relationship to the wide range of services that will come under its umbrella, starting with Microsoft 365.
What to expect
Initially, only net-new services will be deployed on the cloud.microsoft domain. Existing workloads have a broader range of implications to consider and will transition at a slower pace. In most cases, no customer action will be needed to continue using Microsoft 365 workloads the same way you do today. Admins seeking to update their allow lists will find that *.cloud.microsoft has already been added to the official list of Office 365 URLs and IP address ranges, and end users will find that existing links and bookmarks will eventually redirect them automatically to the new domain.
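The following is an added example, not part of the original announcement or any Microsoft tooling: a label-by-label hostname check for the *.cloud.microsoft allow-list entry, showing why substring or plain suffix tests on a URL admit lookalike hosts. The function names and sample URLs are constructed for illustration, and it assumes the wildcard requires at least one label in front of cloud.microsoft.

```python
from urllib.parse import urlsplit

# Suffix behind the wildcard entry named on the page (*.cloud.microsoft).
ALLOWED_SUFFIX = "cloud.microsoft"

# Constructed sample URLs; example.com/.net/.org are reserved documentation domains.
SAMPLES = [
    "https://app.cloud.microsoft/home",            # genuine subdomain
    "https://APP.Cloud.Microsoft./x",              # mixed case, trailing root dot
    "https://cloud.microsoft.example.com/login",   # suffix appears as a prefix
    "https://app.cloud.microsoft@example.net/",    # suffix hidden in userinfo
    "https://example.org/cloud.microsoft",         # suffix only in the path
    "https://xcloud.microsoft/",                   # passes a naive endswith()
    "https://cloud.microsoft/",                    # apex, no subdomain label
]

def host_of(url):
    """Return the normalized hostname of an absolute URL, or None."""
    try:
        host = urlsplit(url).hostname  # drops userinfo and port, lower-cases
    except ValueError:
        return None
    return host.rstrip(".") if host else None

def is_allowed(url, suffix=ALLOWED_SUFFIX):
    """True only when the URL's host is a subdomain of the allowed suffix."""
    host = host_of(url)
    if host is None:
        return False
    labels = host.split(".")
    want = suffix.split(".")
    # Assumption: the wildcard needs at least one label before the suffix.
    # Comparing whole labels keeps "xcloud.microsoft" from matching.
    return (
        all(labels)
        and len(labels) > len(want)
        and labels[-len(want):] == want
    )

def rejected(urls):
    """Return the URLs that do not fall under the allow-list entry."""
    return [u for u in urls if not is_allowed(u)]

if __name__ == "__main__":
    for u in SAMPLES:
        print("ALLOW" if is_allowed(u) else "DENY ", u)
```
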
Microsoft is committed to making this transition as seamless as possible for our customers. Before changing the domain for any existing service which requires customer network configuration, we will notify you at least 30 days in advance as specified in our standard network update cadence. For domain changes to our apps and services that require deeper customer actions (such as updates to customer applications), we will provide targeted communications and give ample time for you to adjust. We will also implement long-term redirects to help ensure that legacy bookmarks, hyperlinks, and connections continue to function with old domains.
To learn more, visit Managing Microsoft 365 endpoints, and be sure to join us for an Ask Microsoft Anything (AMA) on Wednesday, May 24th at 8:00 AM Pacific time to chat further with the leaders of this initiative about what to expect.
- What about workloads beyond Microsoft 365?
The current announcement is limited to Microsoft 365. We will share plans for other services in the future.
- Why not microsoft.com?
The microsoft.com domain currently hosts a wide variety of content: not just Software as a service (SaaS) apps, but also marketing, support, e-commerce, and more. Keeping SaaS experiences isolated in their own domain space establishes a clean security boundary for our compliant authenticated experiences and enables simplified endpoint allow-list management for admins. There are also anti-spoofing and integrity benefits to hosting such experiences on an exclusive, purposefully-managed TLD like .microsoft vs. a generic TLD like .com.
- Is microsoft.com going away?
No. Microsoft.com will continue to be used for non-product experiences such as marketing, support, and e-commerce. Only authenticated, user-facing product experiences will be hosted on cloud.microsoft.
Please see the .microsoft registry agreement on the ICANN site for more background.