Microsoft sometimes requires you to have DNS records pointing to
lyncdiscover.yourdomain.com or
sip.yourdomain.com. If you do not have your own website configured on these URLs, Microsoft will serve its own certificates.
Your service will work fine, but ShadowTrackr will detect that the certificate served on these URLs doesn't match your domain. The certificate grade will be "M" (domain mismatch), and this will appear as a problem in your dashboard.
This is a common situation for organizations using Microsoft 365. The mismatch is expected behavior from Microsoft's side, not an actual security problem.
By enabling the "Trust all Microsoft Office 365 certificates" option in your
Settings, ShadowTrackr will stop treating these Microsoft certificate mismatches as problems.
The grade will still show as "M" (the mismatch is still there), but it will no longer be flagged as an issue in your dashboard or trigger
alerts.
- Certificate mismatches on Microsoft-served URLs will no longer appear as problems
- The "M" grade is still recorded for transparency
- All other certificate checks on your own domains continue as normal
- This applies to all Microsoft-served certificates across your organization
