How to Find a Microsoft 365 Tenant Identifier

Posted on by Tony Redmond

Why You Might Need to Know Your Microsoft 365 Tenant Identifier

Every Microsoft 365 tenant is identified by a GUID, a globally unique identifier, which looks something like abf988bf-86f1-41af-91ab-2d7cd011db46. Applications use the tenant identifier to know which organization data belongs to. Occasionally, administrators need to know the identifier too:

  • Microsoft support might ask for the tenant identifier as part of the information gathered for a support incident.
  • If you participate in a test of new functionality, the Microsoft engineering group responsible for the feature will need the tenant identifier to enable (or “flight”) the software.
  • Apps registered in Azure AD which use the Graph APIs to access tenant data must pass the tenant identifier along with the app identifier and app secret when requesting an access token. The combination of the three pieces of data allows Azure AD to grant the necessary token.

Applications like Teams include the tenant identifier in the links used to identify data. For instance, the deeplink used for a Teams meeting contains the tenant identifier.

Available to Allow Apps to Authenticate

Tenant identifiers are exposed publicly. If they were not, applications based on the Graph APIs or any others using OAuth 2.0 could not connect to a tenant. These apps use OpenID Connect, described by MVP Curtis Johnstone as “a simple identity layer that sits on top of OAuth 2.0. For Office 365 there is an OpenID Connect metadata document for each tenant which contains more of the information required for apps to perform sign-ins (including the tenant id).”

For instance, an app can find the information for Microsoft’s own tenant at https://login.microsoftonline.com/microsoft.com/.well-known/openid-configuration (Figure 1). Apps can fetch this information to receive the necessary data needed to navigate the OAuth 2.0 authentication process.

Public OAuth connection information for Microsoft's own tenant
Figure 1: Public OAuth connection information for Microsoft’s own tenant

Finding the Tenant Identifier

Several methods exist to find the tenant identifier within Microsoft 365. Here are the most common, starting with PowerShell.

When you connect to Azure AD with PowerShell, the response contains tenant information, including the identifier.

Connect-AzureAD

Account               Environment TenantId                            TenantDomain    
-------               ----------- --------                            
Administrator@xxx.com AzureCloud  a462313f-14fc-43a2-9a7a-d2e27f4f3478 xxxxxxxx.com

Microsoft intends to deprecate the Azure AD module in June 2023. The equivalent cmdlet in the Microsoft Graph PowerShell SDK is Get-MgOrganization:

Get-MgOrganization | Select Id, DisplayName

Id                                   DisplayName
--                                   -----------
a462313f-14fc-43a2-9a7a-d2e27f4f3478 Office 365 for IT Pros

Much the same happens when connecting to Microsoft Teams with PowerShell. Again, the connection responds with tenant information with the tenant identifier shown for both the tenant name and identifier!

Connect-MicrosoftTeams

Account               Environment Tenant                               TenantId
-------               ----------- ------                               --------
Administrator@xxx.com AzureCloud  a462313f-14fc-43a2-9a7a-d2e27f4f3478 a462313f-14fc-43a2-

If you have a PowerShell session connected to Azure AD, you can run the Get-AzureADTenantDetail cmdlet. This is the method I typically use.

Get-AzureADTenantDetail

ObjectId                             DisplayName               VerifiedDomain
--------                             -----------               --------------
A462313f-14fc-43a2-9a7a-d2e27f4f3478 Office 365 for IT Pros    Office365ITPros.com

The Overview page of the Azure AD portal includes the tenant identifier and has the useful ability to copy the identifier to the clipboard (Figure 2).

The tenant identifier is included in the tenant information in the Azure AD portal
Figure 2: The tenant identifier is included in the tenant information in the Azure AD portal

Azure Where’s My Tenant

Azure operates a service to lookup using a tenant (Figure 3) to find details of a domain belonging to an Azure AD tenant (Figure 3). You can also input the Microsoft 365 tenant identifier.

Looking up Microsoft.com with the Azure service
Figure 3: Looking up Microsoft.com with the Azure service

ShareGate’s Service

ShareGate is an ISV specializing in SharePoint Online solutions. It offers a similar service to the Azure lookup at WhatIsMyTenantId.com. Figure 4 shows the result after checking for Quest.com. Remember, the tenant information is public!

Finding the tenant identifier for a domain
Figure 4: Finding the tenant identifier for a domain

I don’t ever use WhatIsMyTenantId.com, but I’m sure others do, especially when you have a bunch of tenants to manage.

The detail makes the difference. Learn about the detail of managing your tenant by subscribing to the Office 365 for IT Pros eBook. Updated monthly to include those changing details which make all the difference…

4 Replies to “How to Find a Microsoft 365 Tenant Identifier”

  1. Hello,
    If I have a list with over 1500 domains, I need to check if they are using Azure AD, any idea how can I do that?

    Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.