Office.com redirects you to login.microsoftonline.com which isn't horribly bad, but is starting to get there. Now you have microsoft365.com and friends, too.
Also Azure AD and Entra ID and other parts of Microsoft 365 all use onmicrosoft.com, too. A fun bonus to that particular domain is the random meaningless to people GUID-derived tenant IDs in the second level. Knowing what is legitimate, and what is tied to a specific corporate tenant, seems impossible. Certainly helps Microsoft themselves avoid XSS problems, I'm sure, but greatly adds to the confusion of what is a legitimate M365 URL.
Yea, it's really fun to log into some Microsoft site and get redirected 10 times. The domains it goes through are staggering, some of them don't even look like MS names at all. More than once I've been convinced that there is something fishy going on. Only to realize that, nope, that's the way MS wanted it.
At least when things were login.microsoft.com you could apply the "last part is definitive"; now that heuristic is pretty useless. And if you watch the actual DNS requests during a login, whew.
CDNs make it even worse, here's a few VALID requests from my DNS cache:
store-images.s-microsoft.com-c.edgekey.net
www.msftconnecttest.com
123499-ipv4v6.farm.dprodmgd103.aa-rt.sharepoint.com
download.windowsupdate.com.edgesuite.net
At least some end in apparently legitimate domains, but sheesh, that last one looks like something straight out of 2000s era scams.
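The "last part is definitive" heuristic from the thread, applied to the hostnames quoted above, as an added example that is not part of any commenter's post. It reports which registrable domain actually controls each name and flags names that merely carry an allowlisted domain as interior labels; the suffix set and the allowlist are constructed assumptions, and the verdict says nothing about whether a name is legitimate.

```python
# Constructed, minimal stand-in for the Public Suffix List (assumption);
# production code should load the full list instead.
PUBLIC_SUFFIXES = {"com", "net"}

# Hypothetical allowlist of registrable domains, built from names in the thread.
ALLOWLIST = {"microsoftonline.com", "sharepoint.com",
             "msftconnecttest.com", "windowsupdate.com", "s-microsoft.com"}


def registrable_domain(host):
    """Return the public suffix plus one label, or None if no suffix matches."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):  # longest candidate suffix is tried first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return None


def embedded_allowlisted(host):
    """Allowlisted names sitting on label boundaries but not as the real owner."""
    dotted = "." + host.lower().rstrip(".") + "."
    reg = registrable_domain(host)
    return sorted(d for d in ALLOWLIST if d != reg and "." + d + "." in dotted)


def classify(host):
    """Return (registrable domain, verdict) for one hostname."""
    reg = registrable_domain(host)
    if reg in ALLOWLIST:
        return reg, "allowlisted"
    if embedded_allowlisted(host):
        # The rightmost labels belong to someone else (for example a CDN zone).
        return reg, "embeds-allowlisted-name"
    return reg, "not-allowlisted"


# Hostnames quoted in the thread above.
SAMPLE_HOSTS = [
    "store-images.s-microsoft.com-c.edgekey.net",
    "www.msftconnecttest.com",
    "123499-ipv4v6.farm.dprodmgd103.aa-rt.sharepoint.com",
    "download.windowsupdate.com.edgesuite.net",
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(classify(h), h)
```

A plain substring test such as `"microsoft.com" in host` would match the first sample even though its registrable domain is edgekey.net, which is why the comparison is done on label boundaries.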