PeterForster - the reason for needing to have other domains is security. In the world of web applications, certain types of content should not be mixed under the same domain root (or same eTLD+1 in technical terms). For example, if the application needs to interact with active content (such as scripts embedded into files) that is provided by customers or delivered through 3rd parties, such content should reside in a separate root (eTLD+1) domain in order to ensure that it cannot steal application secrets (such as web cookies). This domain isolation principle is enforced by all web browsers by default and is followed by most SaaS applications, including non-Microsoft ones. The result is better security for the user using the application.
The good news is that application connections to all those extra domains created for isolation purposes stay behind the scenes: the user never sees them, and the clients make them in the background. IT admins responsible for network allow-listing still need to know about those domains and not block them (that was the purpose of the message post). But as far as the user is concerned, all they *see* in the browser address bar is that they are interacting with the application under a single, familiar and trusted cloud.microsoft domain.
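An added example, not part of the reply above and not Microsoft's code: it shows how a browser's eTLD+1 and cookie domain-matching rules treat customer content hosted under the same root versus a separate root. The subdomain names, the `usercontent.example` root and the small suffix set are assumptions constructed for illustration.

```javascript
// Constructed, minimal public-suffix set for illustration only; a real check
// must use the full Public Suffix List. "microsoft" is a brand TLD.
const PUBLIC_SUFFIXES = new Set(["com", "co.uk", "uk", "microsoft", "example"]);

const norm = (host) => host.toLowerCase().replace(/\.$/, "");

// eTLD+1: the longest matching public suffix plus one more label.
function registrableDomain(host) {
  const labels = norm(host).split(".");
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null; // suffix not in our constructed set
}

// RFC 6265 domain-match: identical, or host is a subdomain of the cookie domain.
function domainMatches(host, cookieDomain) {
  const h = norm(host), d = norm(cookieDomain).replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// A browser accepts a Domain attribute only if the setting host domain-matches
// it and it is not itself a public suffix.
function mayScopeCookie(settingHost, domainAttr) {
  const d = norm(domainAttr).replace(/^\./, "");
  return !PUBLIC_SUFFIXES.has(d) && domainMatches(settingHost, d);
}

function sameSite(a, b) {
  const ra = registrableDomain(a);
  return ra !== null && ra === registrableDomain(b);
}

// Hypothetical hosts: the app, customer content under the same root, and
// customer content under a separate root.
const APP = "app.cloud.microsoft";
const SHARED_ROOT = "files.cloud.microsoft";
const ISOLATED = "files.usercontent.example";

for (const host of [SHARED_ROOT, ISOLATED]) {
  console.log(host, {
    sameSiteAsApp: sameSite(APP, host),
    receivesRootCookie: domainMatches(host, "cloud.microsoft"),
    canSetRootCookie: mayScopeCookie(host, "cloud.microsoft"),
  });
}
```

Content served from the shared root is same-site with the app and can both receive and set cookies scoped to `cloud.microsoft`; content on the separate root can do neither.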