OneDrive moves to the cloud.microsoft domain: what actually changes (and what does not)

Microsoft is moving the OneDrive web experience from the familiar contoso-my.sharepoint.com address to a new unified domain: onedrive.cloud.microsoft. The change is announced in the Microsoft 365 message center under MC1392563, and it is part of the broader cloud.microsoft domain unification that Microsoft started back in 2023. The headline sounds dramatic, but the practical impact is small if you understand exactly what is moving and what is staying put. Let's separate the two.

What is changing

Only one thing changes: the user-facing URL you see in the browser when you open OneDrive on the web. Instead of landing on your tenant's -my.sharepoint.com host, users will progressively be served the same experience on onedrive.cloud.microsoft.

| Surface | Before | After |
| --- | --- | --- |
| OneDrive web experience | https://contoso-my.sharepoint.com | https://onedrive.cloud.microsoft |
| File storage and APIs | https://contoso-my.sharepoint.com | Unchanged (still -my.sharepoint.com) |

That distinction is the whole point: the address bar moves, the storage does not.

What is NOT changing

This is where most of the anxiety can be put to rest. None of the following are affected:

  • File storage. Your content still lives on contoso-my.sharepoint.com. The new domain is a front door, not a migration of data.
  • APIs and integrations. Graph, CSOM, REST and the SharePoint/OneDrive endpoints keep using the *.sharepoint.com hosts. Code that calls the API does not need to switch to cloud.microsoft.
  • Existing sharing links. Links already created and distributed keep working. Both domains coexist, with no planned end date for the old one.
  • Permissions and sharing model. Nothing about access control changes.
  • The end-user experience. Same interface, same files. Most users will not even notice beyond the address bar.

Timeline

  • Early July 2026: rollout begins.
  • Through late June 2027: gradual worldwide deployment.
  • After that: both URL formats coexist indefinitely. There is no forced cut-over and no deadline to "migrate" off -my.sharepoint.com.

Because the old domain is not being retired, this is a soft transition. You are not on a clock.

What admins should actually do

No emergency action is required, but a few checks are worth doing now so nothing breaks quietly later:

  • Confirm *.cloud.microsoft is allowlisted. This is the one that matters. The domain has been part of the official Microsoft 365 URLs and IP address ranges guidance since 2023. If you consume the Microsoft 365 network endpoints API to drive your firewall, proxy or SD-WAN config, you already have it. If you maintain allowlists manually on your secure web gateway (Zscaler, Netskope, Palo Alto, Fortinet, Azure Firewall, etc.), make sure *.cloud.microsoft is explicitly allowed, or users will hit connectivity errors when they get rolled onto the new domain.
  • Review Conditional Access and any URL-based filtering. If you have policies, DLP rules or CASB controls that key off the literal -my.sharepoint.com hostname, validate that they still behave as intended when the browser shows onedrive.cloud.microsoft. Note that Conditional Access targets the SharePoint Online service, not the hostname, so most policies are fine. The risk is in custom URL-string matching.
  • Audit hardcoded URLs. Scripts, Power Automate flows, HTTP connectors, bookmarks and internal documentation that hardcode the -my.sharepoint.com web address will keep working (the old domain stays), but it is a good moment to stop assuming a single canonical OneDrive hostname.

In short: the only thing that can actually bite you is a network allowlist that does not include *.cloud.microsoft. Everything else is cosmetic.
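The checks above can be run offline against an exported allowlist and a sample of URLs. The following is an added example, not code from Microsoft or from any gateway vendor: the function names are hypothetical, the allowlist and URLs are constructed, and it assumes a "*." entry means "any subdomain" (wildcard semantics differ between products, so confirm against your gateway's documentation).

```python
from urllib.parse import urlsplit

NEW_HOST = "onedrive.cloud.microsoft"   # new web front door named in the article
LEGACY_SUFFIX = "-my.sharepoint.com"    # tenant-specific legacy host suffix

def host_matches(pattern, host):
    """Allowlist match; '*.x' is assumed to mean any subdomain of x."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]            # ".cloud.microsoft": keeps the label boundary
        return host.endswith(suffix) and host != suffix
    return host == pattern

def allowlist_covers(allowlist, host):
    return any(host_matches(p, host) for p in allowlist)

def is_onedrive_web(url, tenant):
    """Classify on the parsed hostname, accepting both coexisting hosts."""
    host = (urlsplit(url).hostname or "").lower()
    return host in (NEW_HOST, tenant + LEGACY_SUFFIX)

def literal_rule(url):
    """The fragile pattern: substring match on the legacy hostname."""
    return LEGACY_SUFFIX in url

def audit(allowlist, urls, tenant):
    """Return (url, problem) pairs for allowlist gaps and rule mismatches."""
    findings = []
    for url in urls:
        host = urlsplit(url).hostname or ""
        if is_onedrive_web(url, tenant):
            if not allowlist_covers(allowlist, host):
                findings.append((url, "not covered by allowlist"))
            if not literal_rule(url):
                findings.append((url, "missed by literal hostname rule"))
        elif literal_rule(url):
            findings.append((url, "literal rule matched a non-OneDrive host"))
    return findings

# Constructed sample data: a manually maintained allowlist and three URLs.
MANUAL_ALLOWLIST = ["*.sharepoint.com", "login.microsoftonline.com"]
SAMPLE_URLS = [
    "https://contoso-my.sharepoint.com/personal/alice_contoso_com/Documents",
    "https://onedrive.cloud.microsoft/",
    "https://intranet.example.net/go?target=contoso-my.sharepoint.com",
]

if __name__ == "__main__":
    for url, problem in audit(MANUAL_ALLOWLIST, SAMPLE_URLS, "contoso"):
        print(f"{problem}: {url}")
```

With the sample allowlist, the new hostname is reported both as uncovered and as invisible to the literal rule; adding *.cloud.microsoft clears only the first finding, which is why URL-string rules need their own review.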

Why Microsoft is doing this

The cloud.microsoft domain is a deliberate consolidation of authenticated Microsoft 365 experiences under a single, Microsoft-owned, top-level domain. As Microsoft puts it, the goal is to reduce sign-ins, redirects and the sprawl of allowlist entries, while raising the security bar:

"To ensure that customers and users can treat everything under the *.cloud.microsoft domain as fully trusted, the entire domain hierarchy is isolated, purpose built, and dedicated to hosting only secure and compliant Microsoft product experiences."

Source: Unified cloud.microsoft domain for Microsoft 365 apps (Microsoft Learn)

Because Microsoft is the sole registrant of the .microsoft top-level domain, and because *.cloud.microsoft is on the HSTS preload list in all major browsers, anything served there is guaranteed to be a legitimate Microsoft experience over HTTPS. The domain is kept free of third-party content, IaaS/PaaS storage and arbitrary scripts. OneDrive moving onto it is simply the next app to benefit from that trust model.

Bastien Perez

Freelance Microsoft 365 - Active Directory - Modern Workplace

France