SSL Certificate Analysis for microsoft.com - Security Grade & TLS Configuration | DNS Gurus

Open Cached · 5m ago

74/100 SECURITY SCORE

Certificate Information

Subject

C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=microsoft.com

Issuer

C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08

Valid From

October 01, 2025

Valid Until

March 30, 2026 146 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA384-RSA

SHA-256 Fingerprint

1A:E9:4C:91:1C:5F:C4:3B:0E:44:5F:D7:D3:5E:5B:43:5C:9C:B2:40:9C:81:C7:C9:22:9F:76:A9:06:29:60:3E

Alternative Names

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Not Authorized (Potential misconfiguration)

CAA Issues

• CRITICAL: Current certificate issuer 'C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08' is NOT authorized by CAA records. Authorized CAs:

Recommendations

• Consider using critical flag (flags=128) for stricter CAA enforcement
• Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts

Subject Alternative Names

162 domains

microsoft.com aep.microsoft.com aer.microsoft.com aether.microsoft.com afflink.microsoft.com aistories.microsoft.com alerts.microsoft.com analyticspartner.microsoft.com backoffice.microsoft.com biz4afrika.microsoft.com business.microsoft.com businesscentral.microsoft.com businessmobilitycenter.microsoft.com businessplatform.microsoft.com cashback.microsoft.com cloud-immersion.microsoft.com commercialappcertification.microsoft.com communities.microsoft.com communities2.microsoft.com community.microsoft.com connect.microsoft.com connectevent.microsoft.com crawlmsdn.microsoft.com dataplatform.microsoft.com design.microsoft.com develop.microsoft.com domains.microsoft.com dynamics.microsoft.com empresas.microsoft.com enterprise.microsoft.com entrepreneur.microsoft.com example.microsoft.com explore-marketing.microsoft.com explore-security.microsoft.com explore-smb.microsoft.com expressions.microsoft.com fuse.microsoft.com futuredecoded.microsoft.com ga.microsoft.com garage.microsoft.com gigjam.microsoft.com grv.microsoft.com hup.microsoft.com ieak.microsoft.com imagine.microsoft.com innovationcontest.microsoft.com insidemsr.microsoft.com iotcentral.microsoft.com iotschool.microsoft.com itpro.microsoft.com kleinunternehmen.microsoft.com learnanalytics.microsoft.com learning.microsoft.com lumiaconversationsuk.microsoft.com m12.microsoft.com mac.microsoft.com mac2.microsoft.com madeira.microsoft.com mango.microsoft.com mcsp.microsoft.com messenger.microsoft.com minecraft.microsoft.com mkb.microsoft.com msctec.microsoft.com msdnisv.microsoft.com msdnwiki.microsoft.com mspartnerira.microsoft.com mspress.microsoft.com music.microsoft.com mydatahealth.microsoft.com oemcommunity.microsoft.com ondernemers.microsoft.com online.microsoft.com onlinelearning.microsoft.com open.microsoft.com openness.microsoft.com partnercommunity.microsoft.com partnerincentives.microsoft.com phoenixcataloguat.microsoft.com pinpoint.microsoft.com pinunblock.microsoft.com pme.microsoft.com pmi.microsoft.com powerapps.microsoft.com powerautomate.microsoft.com powerpages.microsoft.com powerplatform.microsoft.com powervirtualagents.microsoft.com pymes.microsoft.com real-stories.microsoft.com reroute443.microsoft.com researchforum.microsoft.com rss.microsoft.com s.microsoft.com sar.microsoft.com sds.microsoft.com shop.microsoft.com snackbox.microsoft.com sponsors.microsoft.com spur.microsoft.com stationq.microsoft.com store.microsoft.com stream.microsoft.com studentpartners.microsoft.com successionplanning.microsoft.com successionplanninguat.microsoft.com szkolyprzyszlosci.microsoft.com tco.microsoft.com techacademy.microsoft.com terraserver.microsoft.com upgradecenter.microsoft.com visio.microsoft.com wwwbeta.microsoft.com yourchoice.microsoft.com ceoconnections.event.microsoft.com cobra.me.microsoft.com hxd.research.microsoft.com ideas.fabric.microsoft.com mvtd.events.microsoft.com ppe.sds.microsoft.com skypeandteams.fasttrack.microsoft.com www.aep.microsoft.com www.aer.microsoft.com www.cashback.microsoft.com www.formspro.microsoft.com www.microsoftdlapartnerow.microsoft.com www.powerautomate.microsoft.com test.ideas.fabric.microsoft.com www.skypeandteams.fasttrack.microsoft.com

Other domains in certificate

businesscentral.com www.businesscentral.com

copilot.ai discover.copilot.ai

copilot.com discover.copilot.com www.copilot.com

cpt.link www.cpt.link

developervelocityassessment.com www.developervelocityassessment.com

yarp.dot.net

gears5.com www.gears5.com

gearstactics.com www.gearstactics.com

getlicensingready.com www.getlicensingready.com

www.jclarity.com

microsoft.com.au www.microsoft.com.au

www.microsoft365copilot.com

microsoftstream.com web.microsoftstream.com www.microsoftstream.com

aus.delve.office.com ind.delve.office.com jpn.delve.office.com kor.delve.office.com

msaidatastudio.officeppe.net

seeingai.com

techinnovatorsspotlight.com www.techinnovatorsspotlight.com