Microsoft Tenant Domain Search
Search for domains registered within the same Microsoft 365 tenant as a given domain. This previously could have been done with the Autodiscover GetFederationInformation call (for more context see this blog post and AADInternals). However, Microsoft has changed the behavior of that endpoint as described in Microsoft’s announcement (MC1081538) and their tech community update.
While traditional reconnaissance methods still exist, they no longer support enumeration of other domains within a tenant. To overcome this, I collected Microsoft 365 tenant IDs and organization names for over 400 million domains, enabling correlation of base domains across tenants and searching of organization names. Domains were sourced from zone files, Common Crawl web data, and other large-scale domain datasets. For each domain, the tenant ID was extracted via https://login.microsoftonline.com/{domain}/v2.0/.well-known/openid-configuration
, and the organization name from https://login.microsoftonline.com/getuserrealm.srf?login=user@{domains}
.