SSL Certificate Analysis for azure.com - Security Grade & TLS Configuration | DNS Gurus

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=gamedev.microsoft.com

Issuer

C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08

Valid From

October 01, 2025

Valid Until

March 30, 2026 146 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA384-RSA

SHA-256 Fingerprint

B7:FA:61:19:17:CC:9D:80:98:6E:7F:58:B8:AC:E2:4D:8F:F3:7A:EA:ED:02:8C:57:56:E6:38:E3:31:5E:60:D8

Alternative Names

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Not Authorized (Potential misconfiguration)

CAA Issues

• CRITICAL: Current certificate issuer 'C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08' is NOT authorized by CAA records. Authorized CAs:

Recommendations

• Consider using critical flag (flags=128) for stricter CAA enforcement
• Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts

Subject Alternative Names

141 domains

azure.com windowsazure.com www.azure.com www.windowsazure.com

Other domains in certificate

adatum.com www.adatum.com

alpineskihouse.com www.alpineskihouse.com

acom.azure.net acomdocs-staging.azure.net

bellowscollege.com www.bellowscollege.com

bestforyouorganics.com www.bestforyouorganics.com

consolidatedmessenger.com www.consolidatedmessenger.com

contososuites.com www.contososuites.com

copilot.si www.copilot.si

community.copilotstudio.com

fabrikam.com www.fabrikam.com

fabrikamresidences.com www.fabrikamresidences.com

fineartschool.net www.fineartschool.net

firstupconsultants.com www.firstupconsultants.com

fourthcoffee.com www.fourthcoffee.com

graphicdesigninstitute.com www.graphicdesigninstitute.com

forums.hololens.com

humongousinsurance.com www.humongousinsurance.com

lamnahealthcare.com www.lamnahealthcare.com

libertysdelightfulsinfulbakeryandcafe.com www.libertysdelightfulsinfulbakeryandcafe.com

lucernepublishing.com www.lucernepublishing.com

margiestravel.com www.margiestravel.com

biomedsearch.microsoft.com businessapplications.transform.microsoft.com cacademystage.microsoft.com cce.microsoft.com ccf.microsoft.com datamigration.microsoft.com devicemanagement.microsoft.com employeeexperience.microsoft.com endpoint.microsoft.com events.msdn.microsoft.com ex.microsoft.com formspro.microsoft.com gamedev.microsoft.com gamedeveloper.microsoft.com gamedevelopment.microsoft.com getrewarded.microsoft.com govscreening.microsoft.com hxsdk.corp.microsoft.com innovation.microsoft.com mesh.cloud-dev.microsoft.com mi.microsoft.com microsoftviva.microsoft.com msp.msdn.microsoft.com myignite.microsoft.com phylod.research.microsoft.com portal-selfhost.mesh.microsoft.com portal.startups.microsoft.com powerautomateweb.microsoft.com preview.mesh.microsoft.com priva.microsoft.com research.microsoft.com researchsummit.microsoft.com screening.microsoft.com secure.microsoft.com securityhub.transform.microsoft.com selfhost.mesh.microsoft.com services.premier.microsoft.com shopping.microsoft.com snowleopards.microsoft.com solutions.diagnostics.support.microsoft.com to-do.microsoft.com todo.microsoft.com virtualchat.support.microsoft.com viva.microsoft.com workshops.microsoft.com www.azure.microsoft.com www.gamedev.microsoft.com www.gamedeveloper.microsoft.com www.gamedevelopment.microsoft.com www.msdn.microsoft.com

partnerclub.microsoft.fr

endpoint.microsoft.us

copilot.microsoft365.com

microsoftadvertising.ai www.microsoftadvertising.ai

minecrafteducation.com www.minecrafteducation.com

munsonspicklesandpreservesfarm.com www.munsonspicklesandpreservesfarm.com

nodpublishers.com www.nodpublishers.com

northwindtraders.com www.northwindtraders.com

noslidesattached.com www.noslidesattached.com

noslidesattachedpodcast.com www.noslidesattachedpodcast.com

outlookalki.com

proseware.com www.proseware.com

smartscreentestratings.com www.smartscreentestratings.com

smartscreentestratings.net www.smartscreentestratings.net

smartscreentestratings1.com www.smartscreentestratings1.com

smartscreentestratings1.net www.smartscreentestratings1.net

smartscreentestratings2.com www.smartscreentestratings2.com

smartscreentestratings2.net www.smartscreentestratings2.net

southridgevideo.com www.southridgevideo.com

partners.surface.com

tailspintoys.com www.tailspintoys.com

thephone-company.com www.thephone-company.com

treyresearch.net www.treyresearch.net

wideworldimporters.com www.wideworldimporters.com

wingtiptoys.com www.wingtiptoys.com

woodgrovebank.com www.woodgrovebank.com