Microsoft is unifying its cloud domain for Microsoft 365 services under “cloud.microsoft” to streamline the user experience and administration, which aims to reduce domain fragmentation for authenticated user-facing apps and services.
The consolidation will enhance security, simplify administration with consistent allow-lists, and pave the way for tighter integration across the entire Microsoft 365 ecosystem.
Microsoft is moving Teams, Outlook, and Microsoft 365 web applications to the cloud.microsoft domain.
To ensure that Teams apps (including those running on Outlook and M365) function on the new domain (teams.cloud.microsoft) launching in June 2024, update the apps to the latest TeamsJS client library (version 2.19 or higher), which includes a dynamic list of trusted domains.
It is crucial for embedded web apps within Teams, Outlook, or M365, and failing to update will prevent your app from rendering on the new domain.
If it can’t be updated before June, affected tenants will remain on the old domain (teams.microsoft.com) while Microsoft collaborates on the necessary changes.
Preparing For Cloud.microsoft
Microsoft is changing how web content embedded in Teams, Outlook, and SharePoint apps is secured, as previously a static list of trusted domains within the TeamsJS client library controlled access.
Free Webinar : Mitigating Vulnerability & 0-day Threats
Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.
:
- The problem of vulnerability fatigue today
- Difference between CVSS-specific vulnerability vs risk-based vulnerability
- Evaluating vulnerabilities based on the business impact/risk
- Automation to reduce alert fatigue and enhance security posture significantly
AcuRisQ, that helps you to quantify risk accurately:
To streamline future app integration and support new domains (like cloud.microsoft), Microsoft is migrating this trust list to a dynamic one delivered via a CDN endpoint upon app initialization.
It is implemented in Team JS version 2.19 (released in early January 2024), reducing the maintenance burden of future domain updates.
Update the Teams app to ensure compatibility with upcoming Microsoft 365 domain changes, which requires upgrading the Teams JavaScript library (TeamsJS) to version 2.19 or higher.
Adjust the Content Security Policy (CSP) headers, specifically the x-frame-options directive, to allow for connections from “*.cloud.microsoft” domains that will ensure the app functions seamlessly across current and future Microsoft 365 environments.
Impact Of The Cloud.microsoft
It is transitioning Teams apps to the new domain, teams.cloud.microsoft, as developers should update their apps to function correctly on this domain by completing the specified changes.
Currently, both teams.microsoft.com and teams.cloud.microsoft are functional and apps will work seamlessly on either domain if the updates are complete (CTAs complete).
Incomplete apps will only function on teams.microsoft.com and display an error message on teams.cloud.microsoft, directing users to the older domain.
The shift to a unified cloud.microsoft domain aims to improve the user experience and streamline development for Teams, Outlook, and the entire Microsoft 365 ecosystem.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.