Microsoft this week trumpeted the launch of Microsoft 365 Copilot Search with lofty promises and slick mock-ups, but the domain plastered all over them didn’t belong to the corporation.
The tech giant dropped a blog on Wednesday touting Copilot Search’s escape from preview and entry into general availability (as long as your org’s paid up for a Copilot license, of course), in which it promises that the AI tool will trawl your emails, files, and even third-party apps to spit out context-aware results and handy summaries.
But while Microsoft’s marketing was polished, one small detail stood out. As spotted by an eagle-eyed Reg reader, the flashy Copilot mock-ups used in the blog post feature the URL “m365.com” – a domain Microsoft didn’t even own.
The domain is currently up for sale, and a quick WHOIS search showed it’s managed by eName Technology Co. Ltd, a Chinese registrar with no known ties to Microsoft. The domain has been active since 2005, according to the listing, long before Microsoft 365 branding was even a thing.
In contrast, official Microsoft domains such as “microsoft.com” and “office365.com” are locked down through corporate registrar MarkMonitor, which handles domains for many of the world’s largest companies.
That made m365.com a curious choice to showcase in official blog materials, especially for a company that’s spent years preaching about trust, security, and responsible AI.
So why was Microsoft trotting out mock‑ups with a domain it doesn’t own? Perhaps it’s an honest mistake, or a placeholder that slipped through approvals. The Register was quick to quiz Microsoft about the domain snafu, but it refused to comment.
We’re led to believe it was a design error that has now been corrected.
m365.com didn’t point to anything suspicious when we first looked; it just displayed an empty page offering the URL for sale. However, with Microsoft previously showcasing the domain on its official blog, and with a suggested price of ¥200 (a mere $28), it presented a chance to an opportunistic grifter to step in and give it a more sinister makeover.
Looks like even a trillion-dollar tech behemoth can trip over basic domain hygiene. ®