Microsoft Tenant Domain Search

Search for domains registered within the same Microsoft 365 tenant as a given domain. This previously could have been done with the Autodiscover GetFederationInformation call (for more context see this blog post and AADInternals). However, Microsoft has changed the behavior of that endpoint as described in Microsoft’s announcement (MC1081538) and their tech community update.

While traditional reconnaissance methods still exist, they no longer support enumeration of other domains within a tenant. To overcome this, I collected Microsoft 365 tenant IDs and organization names for over 400 million domains, enabling correlation of base domains across tenants and searching of organization names. Domains were sourced from zone files, Common Crawl web data, and other large-scale domain datasets. For each domain, the tenant ID was extracted via https://login.microsoftonline.com/{domain}/v2.0/.well-known/openid-configuration, and the organization name from https://login.microsoftonline.com/getuserrealm.srf?login=user@{domains}.

Identify domains in a tenant by ID or domain:

Search

Search for a tenant by their organization name:

Search

Danger

It is possible to have subdomains associated with a tenant. This tool only searches through tenants queried for a large portion of base or root domains, not subdomains. Performing this analysis on subdomains would require processing a much larger order of magnitude of data.

Also, the API for this tool is currently running on a single instance and updates and functionality may change. As such, uptime is not guaranteed.