If you've landed on google.com.mcas.ms, you're likely being redirected to a Microsoft authentication service β specifically part of Microsoft Cloud App Security. The 'google.com' prefix might raise an eyebrow, but look closer: the actual domain is mcas.ms, and everything about this site points to Microsoft. The SSL certificate is issued by Microsoft, the servers are on Microsoft's network, and the legal pages (privacy policy, terms, and an EU business disclosure) are all present. The page title is simply 'Continue', which is typical for an OAuth redirect β it doesn't need a full website design to do its job. Reputation-wise, the domain has been active for over three years with no safety flags. The only thing missing is direct contact info on this specific page, but that's standard for an authentication endpoint; support goes through Microsoft's main channels. For a SaaS login page, this is a solid setup. If you ended up here because you were trying to sign into a Microsoft service, you can proceed with confidence.
In plain English
This site is a Microsoft service page, likely for Cloud App Security authentication. It has a valid SSL certificate, a clean reputation, and strong ties to Microsoft through hosting and certificate issuance. The main thing to keep in mind is that it's a login redirect, so you won't find standard contact info here β but that's normal for this kind of page.
Where the score comes from
The site uses a valid SSL certificate and enforces HTTPS, which is essential for any login page. However, it's missing some additional browser protections that would normally block common attacks β not a dealbreaker for a redirect page, but worth noting.
This is clearly a Microsoft-owned service: the certificate is issued by Microsoft, the hosting is on Microsoft's network, and the domain has been registered for years. Even though the WHOIS lookup failed, the real-world identity is established through other signals.
No blacklists, no malware flags, and a three-year presence in the web archive. The site isn't well-known by traffic rankings, but that's normal for a behind-the-scenes authentication page.
The site provides an about page and a legal entity disclosure, which is good. Contact info isn't on the homepage β common for a login redirect where the parent company's support page is the right place to go.
Privacy policy and terms of service are present, plus a business disclosure (Impressum) that meets EU legal requirements. For a service like this, that covers the basics well.
The site resolves quickly and uses a modern server setup. It doesn't handle email, so missing mail records aren't a concern. DNSSEC isn't enabled, but that's typical for many corporate subdomains.
What we checked
Run this site? Show your score.
Add a trust badge so visitors can see your live score for themselves.
Get your badge β