Facebook alerted me that some SSL certificates have been issued that potentially phish one of our domains:
The detailed view for one of these entries is as follows:
When I access one of these domains, it forwards to our actual domain.
There are plenty of resources online about the risks that are involved if this is, indeed, the beginnings of a phishing attack. However, we're a low-reward target, so it's unlikely that someone is attempting to perform a phishing attack.
We don't use Microsoft's cloud, and I'm not very familiar with it. Is there a simple, innocuous explanation for the possible purpose of these domains and associated certificates? We provide a SaaS product and do work with partners to fulfill certain parts of our system. Perhaps one of our partners uses Microsoft cloud and their system caused these domains and certificates to be generated?
I'd ask Microsoft, but since we're not a customer of theirs, they won't help us...
The "cas.ms" domain is used by Microsoft's Cloud App Security tool, in particular around the application conditional access control. Is it possible that someone has looked to enable this service? This is not Azure specific; it can be used as part of Office 365 or standalone.
The solution works by adding a proxy in front of your applications, hence why it would be pointing to your URLs.
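One way to triage the hostnames from such a certificate alert, as an added example that is not part of the original question or answer: it separates names under your own domain, names that wrap your domain under a known proxy suffix (`cas.ms`, from the answer), and names that wrap it under anything else. The hostname shape (your domain appearing as leading labels in front of the proxy suffix), the function names and every sample hostname are assumptions constructed for illustration.

```python
# Added example: triage DNS names taken from a certificate-transparency alert.
# "cas.ms" comes from the answer above; add other suffixes only after verifying
# who operates them.
KNOWN_PROXY_SUFFIXES = {"cas.ms"}


def _labels(name):
    """Lower-case a DNS name, drop a leading wildcard, split into labels."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name.split(".")


def classify(san, own_domain, proxy_suffixes=KNOWN_PROXY_SUFFIXES):
    """Return 'own', 'known-proxy', 'lookalike' or 'unrelated' for one name."""
    host, own = _labels(san), _labels(own_domain)
    n = len(own)
    # Compare whole labels, so "notexample.com" never matches "example.com".
    if host[-n:] == own:
        return "own"
    # Our domain embedded as a label run that stops before the real suffix.
    embedded = any(host[i:i + n] == own for i in range(len(host) - n))
    if not embedded:
        return "unrelated"
    for suffix in proxy_suffixes:
        s = _labels(suffix)
        if host[-len(s):] == s:
            # Explains who runs the proxy, not who enabled it: still confirm
            # internally or with partners which tenant fronts the application.
            return "known-proxy"
    return "lookalike"


def triage(sans, own_domain):
    """Group alert names by classification for review."""
    groups = {"own": [], "known-proxy": [], "lookalike": [], "unrelated": []}
    for san in sans:
        groups[classify(san, own_domain)].append(san)
    return groups


# Constructed sample names, not taken from the alert in the question.
SAMPLE_SANS = [
    "app.example.com",
    "app.example.com.us.cas.ms",
    "*.example.com.eu.cas.ms",
    "example.com.login-verify.test",
    "notexample.com",
]

if __name__ == "__main__":
    for kind, names in triage(SAMPLE_SANS, "example.com").items():
        print(kind, names)
```
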