Occasionally it is useful to know if a domain name is registered with a tenant in Entra ID (previously known as Azure AD). There is a URL to lookup this information as to my knowledge there is not easy portal to query.
The URL requires you to add an email address, though the actual user does not need to exist – just the domain name portion is required:
https://login.microsoftonline.com/common/userrealm/name@domain.com?api-version=2.1
Browsing to the URL will return some JSON as shown – change the email to look up other tenants.
and you can find out the following information:
NameSpaceType: Managed or Federated or Unknown (“unknown” means the domain is not registered in Entra ID, the aim of this blog post!). Managed means authentication happens in Entra ID, and Federated (along with the related “federation_protocol” and “AuthURL” values show you who is doing the federation.
FederationBrandName: The name of the tenant, as in the display name in any tenant consent or sign-in screens.
TenantBrandingInfo: An array containing banner logos (light and dark versions), login screen image [illustration], username label, if Keep Me Signed In is enabled and if these settings change per locale. Header, Footer, layout and password reset – the new settings on the branding page are also shown in this response if they are enabled.
cloud_instance_name: microsoftonline.com (which means the global Entra ID tenant). Other values would be sovereign tenant clouds (Galatin in China, Blackforest in Germany) or any of the seperate US Gov tenants (Gov and Gov High and possibly others, and I have seen “microsoftonline.us” listed for some I have queried – and in these cases, you need to lookup the replaced URI for the above query – that is, https://login.microsoftonline.us/common/userrealm/president@whitehouse.gov?api-version=2.1 for the US Whitehouse tenant for example).
is_dsso_enabled: Set to “true” if Azure AD Connect SSO is enabled.
Photo by Pixabay: https://www.pexels.com/photo/access-antique-bolt-close-277574/
Leave a Reply