[German]Once again a somewhat strange observation from the readership. I have received a report that Microsoft Office has recently been trying to prevent access to the domain aprimocdn.net. It seems to be a security issue, as can be seen from a dialog box.
Advertising
A reader's report about on aprimocdn.net
A German blog reader contacted me recently by e-mail because he had come across a very strange story. He wrote to me that he has been confronted with a strange phenomenon since February 10, 2025, for which he has no explanation. Since February 10, 2025, various Office users in his environment have been receiving the following message in a dialog box:
The message is probably triggered by Microsoft Office. It says that access to the subdomain p1.aprimocdn.net and a folder mentioned within the url has been blocked because the network proxy is using a possibly insecure logon method.
This dialog box can be reproduced by the user either clicking on Save as… in an Office program or by going into the account settings.
The affected user is advised to contact their own IT support. Well, the blog reader probably belongs to the IT department of the company concerned.
Advertising
Access blocked in proxy
A reader informed me that IT has a very restrictive proxy policy. The above-mentioned URL/domain aprimocdn.net appears in the proxy log, but access to the domain is not permitted.
The reader writes that the IT department there is completely unclear where this URL comes from and what Office needs this URL for. He cannot find the domain in question in the list of Microsoft endpoints.
Who owns the domain aprimocdn.net?
When I look at WhoIs, I see that the DNS entries point to various Azure name servers (see the screenshot below).
The owner of the domain is Aprimo US LLC in Indianapolis, USA. According to Wikipedia, Aprimo is a US-based company that develops and distributes marketing automation software and digital asset management technology for marketing and customer experience departments in enterprise organizations.
Does Microsoft use Aprimo?
If I search the Internet, there is a Microsoft page on apps that lists "Aprimo Productivity Management". Aprimo Productivity Management is designed to simplify and automate collaboration in marketing. And there is a Microsoft Office Connector for Aprimo Digital Asset Management from Aprimo.
This website also states that Aprimo and Microsoft have had a partnership for 20 years. Aprimo wants to further expand this partnership by using OpenAI and
joining the Microsoft Azure Marketplace. But I can't really make heads or tails of it.
That's why I'm asking the blog readership whether anyone is receiving similar messages or finding access attempts to the above-mentioned domain in the logs. And, of course, I would also like to ask whether anyone has an explanation for the accesses to the Aprimo domain?
Additional remarks
After I've published the German version of this blog post, I received many comments from my readers (thanks). The affected blog reader has subsequently contacted me again and clarified the following:
- It is not an Outlook-specific phenomenon and has nothing to do with emails, this appears in Word, OneNote, etc.
- No other Office add-ins are active, the reader writes that the message is displayed directly from the M365 programs from his point of view.
- The dialog box appears, for example, when you click on Save as… in a new, empty document (possibly cloud paths are then addressed).
- Or if you click on Account in an Office program, for example (could cloud paths be called up here too?).
According to the proxy logs, the phenomenon has been occurring since 08.02.2025 (the domain could not be found in any other previous proxy log). It does not seem to occur with every user/device, the reader can reproduce the message or access on some devices, but not on others. The error message also does not occur on terminal servers with Microsoft Office 2019.
An explanation from a user
After I've published the German edition of this blog post, a blog reader came with this comment. He explained:
I think we have solved this puzzle.
Microsoft Office includes a number of built-in connectors that allow you to store files in cloud services, both from Microsoft (OneDrive, SharePoint) and from other providers (Box, DropBox, etc.).
One of these third-party services is NetDocuments, a content management system for lawyers. Microsoft must have recently released or updated a connector in "preview" or "beta" for this service.
In the user interface for Office, each of these connectors has an icon. These icons are downloaded from the Internet. The icons for all connectors – with the exception of NetDocuments – come from a Microsoft server at odc.officeapps.live.com. The icons for NetDocuments are stored in this Aprimo content distribution network (aprimocdn).
If your organization uses an authentication proxy that allows connections to Microsoft servers through, but requires authentication for aprimocdn.net, you will see this error.
For example, you can see this in the registry at the following address:
HKCU\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog\TP_NETDOCUMENTS_PLUS\Thumbnails<\pre>This may simply be an oversight by Microsoft or it may be because the NetDocuments connector is in "Preview". In any case, it does not appear to be malicious.
Proxy administrators may want to allow access to this site without authentication to suppress this error until Microsoft fixes the problem.
Advertising
