Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.

SCORE

GRADE

FIX

REVIEW

PASS

INFO

Probed from Madrid, Spain

301 Moved Permanently

Checks

6 PASS 2 REVIEW 1 FIX

CDN & Delivery

Action

No CDN detected

FIX

No CDN detected

A CDN can significantly improve load times for users around the world by caching content at edge nodes closer to them.

No CDN detected

Consider using a CDN to improve global delivery speed and reduce origin load.

Crawlability

Action

robots.txt present, sitemap with 0 URLs

REVIEW

robots.txt present, sitemap with 0 URLs

robots.txt is present

Got: 10240 bytes

sitemap.xml is present

sitemap.xml contains invalid XML

Search engines may not be able to parse the sitemap. Fix XML validation errors.

sitemap.xml is empty — no URLs found

An empty sitemap provides no value. Add <url> entries for your pages.

robots.txt does not reference a sitemap

Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.

Search engines may not be able to parse the sitemap. Fix XML validation errors.

Why this matters

An unparseable sitemap is silently ignored by Google — the URLs it advertises are never queued for crawl.

Learn more ▾

Google's sitemap parser is strict about XML validity. A single unescaped `&` or unclosed tag invalidates the whole file. Run your sitemap through a validator (Search Console's Sitemaps report flags it) and fix the offending entry. Most generators escape correctly; mistakes usually come from manually-written entries.

Source: sitemaps.org / Google Search Central

An empty sitemap provides no value. Add <url> entries for your pages.

Why this matters

An empty sitemap signals 'no content to index' to Google — actively harmful versus having no sitemap at all.

Learn more ▾

Google compares URLs in the sitemap against URLs it has crawled. An empty sitemap on a site with thousands of pages signals abandonment. Either populate it correctly (most CMSes auto-generate) or delete the file and let Google crawl normally.

Source: Google Search Central / sitemaps.org

Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.

Why this matters

robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.

Source: sitemaps.org

robots.txt 200 OK

Size 10240 B Sitemaps referenced 0 User-agents Blocking No — crawling allowed


<!DOCTYPE html>

<html dir="ltr" lang="en-US">
<head>
    <title>Microsoft 365 Copilot - Sign in</title>
    <meta id="viewport" name="viewport" content="width=device-width, initial-scale=1.0" />

        <meta name="description" content="Microsoft 365 Copilot is your AI-first productivity assistant, helping you chat, search, create, and collaborate." />
        <meta name="og:title" content="Microsoft 365 Copilot – Your AI Assistant for Work and Life" />
        <meta name="og:description" content="Discover Microsoft 365 Copilot—your AI productivity assistant. Chat, search, create, and get started with AI-powered tools for work and home." />
        <meta name="og:image" content="https://res.cdn.office.net/officehub/images/content/images/unauth-refresh/unauth-mcm-og-image-4530bc2b9f.jpg" />
        <meta name="og:type" content="product" />
        <meta name="og:locale" content="en_US" />
        <meta name="og:url" content="https://m365.cloud.microsoft" />
        <meta name="twitter:card" content="summary_large_image" />
        <meta name="twitter:title" content="Microsoft 365 Copilot – Your AI Assistant for Work and Life" />
        <meta name="twitter:description" content="Discover Microsoft 365 Copilot—your AI productivity assistant. Chat, search, create, and get started with AI-powered tools for work and home." />
        <meta name="twitter:image" content="https://res.cdn.office.net/officehub/images/content/images/unauth-refresh/unauth-mcm-og-image-4530bc2b9f.jpg" />
        <meta name="twitter:url" content="https://m365.cloud.microsoft" />
        <meta name="twitter:site" content="@Microsoft" />
        <meta name="keywords" content="Microsoft Office Online, Collaborate, Free Office, Word Web App, Outlook.com, Outlook, OneDrive, Office Online, Word Web App, PowerPoint Web App, Excel Web App, OneNote Web App, Office templates, Office 365, Microsoft Office 365" />
        <meta name="msvalidate.01" content="A219BD08BD3D60126A1DBA35BF6168E3" />
        <meta name="awa-market" content="en-US" />
        <meta name="awa-expengine" content="office.com" />
        <meta name="awa-expstatus" content="prod" />
        <meta name="awa-ver" content="5" />
        <meta name="awa-env" content="PROD" />

        <link rel="stylesheet" type="text/css" crossorigin="anonymous" href="https://res.cdn.office.net/officehub/bundles/unauth-3a910e427c.css" integrity="sha256-FdOGTYKnbEjIMhz1wxspW03lcRTzcr5kMVQadBx4nLY=" />

    <link rel="stylesheet" type="text/css" crossorigin="anonymous" href="https://res.cdn.office.net/officehub/bundles/sharedfontstyles-f7f2466ff5.css" integrity="sha256-RSxxcQrIQH2kMeEz7YMf4JxsiB8j6bDpMZL9jci6tx8=" />
    <link href="https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_light.woff2" rel="preload" as="font" type="font/woff2" crossorigin="anonymous" />
    <link href="https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_regular.woff2" rel="preload" as="font" type="font/woff2" crossorigin="anonymous" />
    <link href="https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_semibold.woff2" rel="preload" as="font" type="font/woff2" crossorigin="anonymous" />
    <link href="https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_semilight.woff2" rel="preload" as="font" type="font/woff2" crossorigin="anonymous" />

    
    

<link rel="stylesheet" href="https://www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/63-57d110/c9-be0100/a6-e969ef/43-9f2e7c/82-8b5456/a0-5d3913/4f-460e79/ae-f1ac0c?ver=2.0&amp;_cf=02242021_3231" type="text/css" media="all" />


        <link rel="shortcut icon" type="image/x-icon" href="https://res.cdn.office.net/officehub/images/content/images/favicon_copilot-4370172aa6.ico" />

            <link rel="dns-prefetch" href="//portal.office.com" />
            <link rel="dns-prefetch" href="//outlook.office.com" />
            <link rel="dns-prefetch" href="//login.microsoftonline.com" />
            <link rel="dns-prefetch" href="//shell.cdn.office.net" />
            <link rel="dns-prefetch" href="//appsforoffice.microsoft.com" />
            <link rel="dns-prefetch" href="//ocws.officeapps.live.com" />
            <link rel="dns-prefetch" href="//graph.microsoft.com" />
            <link rel="dns-prefetch" href="//substrate.office.com" />
            <link rel="dns-prefetch" href="//arc.msn.com" />
            <link rel="dns-prefetch" href="//res.cdn.office.net/officehub" />

        <link rel="canonical" href="https://m365.cloud.microsoft" />

        <script nonce="V3f1dWNt4v60Zv2c8IcPhw==">
            window.claritySettings = {"projectId":"suapvfcc4i","customTags":[],"eventTrackingEnabled":false};
        </script>
        <script src="https://res.cdn.office.net/officehub/bundles/microsoft-clarity-ff3e2df9ac.js" crossorigin="anonymous" integrity="sha256-ikg9vIXv/rNfy9tChr47oFC6xyWabDDgyqOyheZzN9M=" nonce="V3f1dWNt4v60Zv2c8IcPhw=="></script>
        <script type="application/ld+json" nonce="V3f1dWNt4v60Zv2c8IcPhw==">
            {"@context":"https://schema.org","@type":"WebPage","name":"Microsoft 365 Copilot","description":"Microsoft 365 Copilot is your AI-first productivity assistant, helping you chat, search, create, and collaborate with your favorite Microsoft 365 apps including Microsoft Word, Excel and PowerPoint.","publisher":{"@type":"Organization","name":"Microsoft 365 Copilot","logo":{"@type":"ImageObject","url":"https://res.cdn.office.net/officehub/images/content/images/favicon_copilot-4370172aa6.ico"}}}
        </script>

    <script id="unauthConfig" type="application/json" nonce="V3f1dWNt4v60Zv2c8IcPhw==">
        {"pathAndQuery":"/","loginUrl":"https://m365.cloud.microsoft/login?es=UnauthClick\u0026ru=%2f%3ffromcode%3dcmmyr718qsb%26refOrigin%3dOther","userConsentStatus":{"isCookieConsentRequired":true,"essentialCookiesConsented":true,"advertisingCookiesConsented":false,"analyticsCookiesConsented":false,"socialMediaCookiesConsented":false},"accountRemovedString":"Account removed","accountRemoveFailedString":"Failed to remove the account. Please try again."}
    </script>

</head>
<body style="display: none">
    <div style="display: none;">en-US</div>
    <script nonce="V3f1dWNt4v60Zv2c8IcPhw==">
        var isSessionStorageAvailable = (function() {
            try {
                return !!window['sessionStorage'];
            } catch (e) {
                return false;
            }
        })();

        if (!false || (isSessionStorageAvailable && sessionStorage.getItem('DefaultSignInCalledBefore') === 'true') || 'NewUserView' === 'SignoutUserView' || 'Default' === 'M365LaunchApp') {
            document.body.style.display = "block";
        }
    </script>
    <noscript>
        <label for="This_page_uses_JavaScript__Your_browser_either_doesn_t_support_JavaScript_or_you_have_it_turned_off__To_see_this_page_as_it_is_meant_to_appear_please_use_a_JavaScript_enabled_browser_"></label>
    </noscript>

    <div class="home__edge-parallax-fix"></div>
    <div class="home">
        <div class="home__container">
            
        <div class="home__header-footer home__header">
            



    <div id="pmg-global-header" class="log-appear">
            <div id="headerArea" class="uhf"  data-m='{"cN":"headerArea","cT":"Area_coreuiArea","id":"a1Body","sN":1,"aN":"Body"}'>
                <div id="headerRegion"      data-region-key="headerregion" data-m='{"cN":"headerRegion","cT":"Region_coreui-region","id":"r1a1","sN":1,"aN":"a1"}' >

    <div  id="headerUniversalHeader" data-m='{"cN":"headerUniversalHeader","cT":"Module_coreui-universalheader","id":"m1r1a1","sN":1,"aN":"r1a1"}'  data-module-id="Category|headerRegion|coreui-region|headerUniversalHeader|coreui-universalheader">
        


                        <div data-m='{"cN":"cookiebanner_cont","cT":"Container","id":"c1m1r1a1","sN":1,"aN":"m1r1a1"}'>

<div id="uhfCookieAlert" data-locale="en-us">
    <div id="msccBannerV2"></div>
</div>

                            
                        </div>




        <a id="uhfSkipToMain" class="m-skip-to-main" href="javascript:void(0)" data-href="#main" tabindex="0" data-m='{"cN":"Skip to content_nonnav","id":"nn2m1r1a1","sN":2,"aN":"m1r1a1"}'>Skip to main content</a>


<header class="c-uhfh context-uhf no-js c-sgl-stck c-category-header " itemscope="itemscope" data-header-footprint="/office/officeheader, fromService: True"   data-magict="true"   itemtype="http://schema.org/Organization">
    <div class="theme-light js-global-head f-closed  global-head-cont" data-m='{"cN":"Universal Header_cont","cT":"Container","id":"c3m1r1a1","sN":3,"aN":"m1r1a1"}'>
        <div class="c-uhfh-gcontainer-st">
            <button type="button" class="c-action-trigger c-glyph glyph-global-nav-button" aria-label="All Microsoft expand to see list of Microsoft products and services" initialState-label="All Microsoft expand to see list of Microsoft products and services" toggleState-label="Close All Microsoft list" aria-expanded="false" data-m='{"cN":"Mobile menu button_nonnav","id":"nn1c3m1r1a1","sN":1,"aN":"c3m1r1a1"}'></button>
            <button type="button" class="c-action-trigger c-glyph glyph-arrow-htmllegacy c-close-search" aria-expanded="false" data-m='{"cN":"Close Search_nonnav","id":"nn2c3m1r1a1","sN":2,"aN":"c3m1r1a1"}'></button>
                    <a id="uhfLogo" class="c-logo c-sgl-stk-uhfLogo" itemprop="url" href="https://www.microsoft.com" aria-label="Microsoft" data-m='{"cN":"GlobalNav_Logo_cont","cT":"Container","id":"c3c3m1r1a1","sN":3,"aN":"c3m1r1a1"}'>
                        <img alt="" itemprop="logo" class="c-image" src="https://uhf.microsoft.com/images/microsoft/RE1Mu3b.png" role="presentation" aria-hidden="true" />
                        <span itemprop="name" role="presentation" aria-hidden="true">Microsoft</span>
                    </a>
            <div class="f-mobile-title">
                <button type="button" class="c-action-trigger c-glyph glyph-chevron-left" aria-label="See more menu options" data-m='{"cN":"Mobile back button_nonnav","id":"nn4c3m1r1a1","sN":4,"aN":"c3m1r1a1"}'></button>
                <span data-global-title="Microsoft home" class

sitemap.xml 200 OK

Type URL Set URLs 0 entries Valid XML No

TLS Certificate Expiry & Recommendations

143 days until leaf cert expires — 3 issues to address

REVIEW

Certificate validity

143

days left

0d 30d 60d 90d+

Recommended actions

Add includeSubDomains to the HSTS directive
Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy

A+

DNS Records

5 A records, 32 ms lookup

PASS

5 A records, 32 ms lookup

Resolves to 5 IPv4 address(es)

Got: 20.112.250.133, 20.76.201.171, 20.236.44.162, 20.70.246.20, 20.231.239.246

Has 5 IPv6 (AAAA) record(s)

Got: 2603:1030:c02:8::14, 2603:1010:3:3::5b, 2603:1030:b:3::152, 2603:1020:201:10::10f, 2603:1030:20e:3::23c

4 nameserver(s) configured

Got: ns1-33.azure-dns.com, ns3-33.azure-dns.org, ns4-33.azure-dns.info, ns2-33.azure-dns.net

No MX records — email not configured via DNS

CAA records not checked

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

SPF record present in TXT

DNS resolution time: 32 ms

Got: 32 ms

A	20.112.250.133, 20.76.201.171, 20.236.44.162, 20.70.246.20, 20.231.239.246
AAAA	2603:1030:c02:8::14, 2603:1010:3:3::5b, 2603:1030:b:3::152, 2603:1020:201:10::10f, 2603:1030:20e:3::23c
CNAME	—
NS	ns1-33.azure-dns.com, ns3-33.azure-dns.org, ns4-33.azure-dns.info, ns2-33.azure-dns.net
MX	—
TXT	SPF v=spf1 -all xzj5cymqxj0d3t7l0gn04gyvxmjyfrvz google-site-verification=4wO5rRfHWPhm6d38smNnzT8pmye_N_fop9k7VUZ3MQg
CAA	Lookup not available with standard resolver

Resolved in 32 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

Redirect Chain

1 redirect(s), 287 ms total

PASS

1 redirect(s), 287 ms total

Single redirect

Got: https://cloud.microsoft → https://m365.cloud.microsoft/ (301)

Cross-domain redirect detected

https://cloud.microsoft

94 ms · HTTP/1.1

301

https://m365.cloud.microsoft/

193 ms · HTTP/1.1 FINAL

#	URL	Status	Time	Protocol	Server
1	https://cloud.microsoft	301	94 ms	HTTP/1.1	Kestrel
2	https://m365.cloud.microsoft/	200	193 ms	HTTP/1.1

See the visual redirect chain in the HTTP Probe tab →

A+

IPv6 Readiness

IPv6 reachable (172 ms)

PASS

IPv6 reachable (172 ms)

IPv6 is configured and reachable at 2603:1030:c02:8::14, 2603:1010:3:3::5b, 2603:1030:b:3::152, 2603:1020:201:10::10f, 2603:1030:20e:3::23c

Got: 172 ms connect

IPv6 Ready

AAAA Records 2603:1030:c02:8::14, 2603:1010:3:3::5b, 2603:1030:b:3::152, 2603:1020:201:10::10f, 2603:1030:20e:3::23c Connection Reachable (172 ms)

A+

URL Variants

www/non-www, trailing slash, HTTP→HTTPS

PASS

www/non-www, trailing slash, HTTP→HTTPS

www/non-www redirect configured correctly (preferred: non-www)

HTTP correctly 301-redirects to HTTPS

www / non-www

301https://www.cloud.microsoft/

200https://cloud.microsoft/

Preferred variant: non-www

HTTP → HTTPS

301http://cloud.microsoft/ → https://m365.cloud.microsoft/

Consistent

A+

Domain Intelligence

cloud.microsoft — via MarkMonitor Inc., 10 years, 8 months old

PASS

cloud.microsoft — via MarkMonitor Inc., 10 years, 8 months old

Domain registered until Sep 25, 2026 (5 months remaining)

DNSSEC is enabled

Registrar: MarkMonitor Inc.

Registrar lock is NOT enabled

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Domain expiry

102 days

September 25, 2026

SSL certificate

143 days

Issued by Microsoft Corporation

Domain age

10 years, 8 months

Registered September 25, 2015

DNSSEC

Enabled

Protects against DNS spoofing

Hosting

Unknown

2603:1020:201:10::10f

Registrar

MarkMonitor Inc.

Unlocked 4 NS records

Expiry timeline

Today

+1 year

Domain expiry SSL expiry Danger zone (≤30 days)

Recommended actions

Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers

Registrar MarkMonitor Inc.

Created September 25, 2015 (10 years, 8 months ago)

Expires September 25, 2026 (5 months)

Last Updated August 24, 2025

Name Servers ns3-33.azure-dns.org, ns4-33.azure-dns.info, ns2-33.azure-dns.net, ns1-33.azure-dns.com

DNSSEC Enabled

Hosting

IP Address 2603:1020:201:10::10f

Data source: rdap (0.3s)

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more ▾

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

HTTP Probe Timing

Total 542 ms — DNS, TCP, TLS, TTFB, content transfer breakdown

PASS

DNS Lookup

22 ms

TCP Connect

172 ms

TLS Handshake

176 ms

Time to First Byte

542 ms

Total Time

542 ms

Connection waterfall

DNS Lookup 22 ms TCP Connect 172 ms TLS Handshake 176 ms Server Processing 172 ms Content Transfer 0 ms

All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.