Finding Azure AD domain from tenant id

Ever had an Azure AD tenant id, and wondered which tenant this is? While checking the APIs behind the new Azure AD cross-tenant access settings, I found a new API that can help you with this!

Let’s assume we have the tenant id 72f988bf-86f1-41af-91ab-2d7cd011db47, and want to know which domain this is, we can simply:

GET https://graph.microsoft.com/beta/tenantRelationships/findTenantInformationByTenantId(tenantId='72f988bf-86f1-41af-91ab-2d7cd011db47a')

And you will get the following response:

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#microsoft.graph.tenantInformation",
    "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
    "federationBrandName": null,
    "displayName": "Microsoft",
    "defaultDomainName": "microsoft.onmicrosoft.com"
}

One caveat though, is that this requires authentication and the scope Directory.AccessAsUser.All to run. You can test it out using Graph Explorer:

Also, I was unable to get it to work using client credentials and my own app registration, both leaves me with “Insufficient privileges to compelte the operation”.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s