Ever had an Azure AD tenant id, and wondered which tenant this is? While checking the APIs behind the new Azure AD cross-tenant access settings, I found a new API that can help you with this!
Let’s assume we have the tenant id 72f988bf-86f1-41af-91ab-2d7cd011db47, and want to know which domain this is, we can simply:
GET https://graph.microsoft.com/beta/tenantRelationships/findTenantInformationByTenantId(tenantId='72f988bf-86f1-41af-91ab-2d7cd011db47a')
And you will get the following response:
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#microsoft.graph.tenantInformation",
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"federationBrandName": null,
"displayName": "Microsoft",
"defaultDomainName": "microsoft.onmicrosoft.com"
}
One caveat though, is that this requires authentication and the scope Directory.AccessAsUser.All to run. You can test it out using Graph Explorer:

Also, I was unable to get it to work using client credentials and my own app registration, both leaves me with “Insufficient privileges to compelte the operation”.
This is useful. Thank you for providing details. One small correction Tenant id provided in the request is incorrect 72f988bf-86f1-41af-91ab-2d7cd011db47a (correct tenant id is 72f988bf-86f1-41af-91ab-2d7cd011db47)
Thanks for this. Tried it now, seems there is a new scope available, “CrossTenantInformation.ReadBasic.All”.
Simple working example with the “`Microsoft.Graph“` module:
“`powershell
$null = Import-Module -Name ‘Microsoft.Graph.Authentication’ -Force
$null = Select-MgProfile -Name ‘beta’
$null = Connect-MgGraph -Scopes ‘CrossTenantInformation.ReadBasic.All’ -ForceRefresh
Invoke-MgGraphRequest -Method ‘Get’ -Uri (“https://graph.microsoft.com/beta/tenantRelationships/findTenantInformationByTenantId(tenantId=`'{0}`’)” -f $TenantId)
$null = Disconnect-MgGraph
“`