Office|Office 365

Finding the Identifier for Azure or Office 365 Tenants

Revealing All About a Tenant Identifier

I must admit of being suspicious when I first heard about the site. The site does one thing, and that’s to return the tenant identifier of an Azure or Office 365 tenant. The tenant identifier is a GUID (like 72f988bf-86f1-41af-91ab-2d7cd011db47) to mark the data belonging to a company within Microsoft’s cloud platforms. On the surface, it seems like a tenant identifier is a private piece of information that shouldn’t be easily accessible within the internet, but it is.

In the case of, simply input the domain name for a company and the site will spit out the tenant identifier if one exists. You’re not limited to your own company. The site is quite happy to tell you the identifier for any company it can find, like as shown in Figure 1.

Finding an Office 365 Tenant Identifier
Figure 1: Finding the tenant identifier for (image credit: Tony Redmond)

First Impressions Were Bad

The first time I thought about this, I thought that it was bad that a site could reveal the identifier for any Office 365 or Azure tenant. The reaction is understandable because you’d imagine this data to be private and only accessible to those who need to know. But when you look under the covers, a different situation emerges.

An interesting discussion in the Microsoft technical community reveals that OAuth 2.0 is the reason why Microsoft publishes tenant identifiers. We learn that “OpenID Connect is a simple identity layer that sits on top of OAuth 2.0. For Office 365 there is an OpenID Connect metadata document for each tenant which contains more of the information required for apps to perform sign-ins (including the tenant id).”

Sponsored Content

Passwords Haven’t Disappeared Yet

123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?

Finding Tenant Identifiers

All Office 365 and Azure tenants make information available through a connect point. For instance, you can find the information for Microsoft’s tenant at A bunch of JSON-formatted data is returned to guide apps through the authentication process. Replace with your domain in the URL to see what’s returned for your tenant.

In a nutshell, if Microsoft didn’t publish tenant identifiers online, applications using OAuth 2.0 couldn’t authenticate. Administrators might not have been aware of this information, but programmers do, probably because they need to figure this stuff out.

How Administrators Find Tenant Identifiers

If administrators were to be asked how to find the tenant identifier, they’d probably follow the advice given by Microsoft and use the Azure AD PowerShell module to run a command like:


Another way to find the tenant identifier is to open the Azure portal. Your tenant identifier is in the URL. The problem with this approach is that you must connect a PowerShell session to a tenant to retrieve the information. Consultants and Service Providers who manage tenants on behalf of companies might not be easily able to run PowerShell using an account belong to the tenant, meaning that they need another method to get the tenant identifier.

Tenant Identifiers in the Open

Whether you like it or not, your tenant identifier is publicly available to all and sundry. All does is to check if the information is available online and then strip the tenant identifier out from the JSON payload returned. The site is owned by ShareGate, a well-known ISV specializing in SharePoint migrations, who get the chance to advertise their wares. That’s probably fair compensation for providing a service that some find very valuable.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (1)

One response to “Finding the Identifier for Azure or Office 365 Tenants”

  1. <p>Hi&nbsp;</p><p>Is there a site that can do the reverse?</p><p>I would use that to check which other Tenants are used/visited as Guests through our Users.&nbsp;</p><p>In Azure AD in the Sign-Ins the Ressource Tenant is visible.&nbsp;</p><p>So I would need to lookup the Domain Name with the Tenant ID.</p><p><br></p><p>Thanks for any suggestions.</p>

Leave a Reply

Tony Redmond has written thousands of articles about Microsoft technology since 1996. He covers Office 365 and associated technologies for and is also the lead author for the Office 365 for IT Pros eBook, updated monthly to keep pace with change in the cloud.
13 Email Threat Types to Know About Right Now

As email threats evolve and multiply, keeping track of them all—and staying protected against the many different types—becomes a complex challenge. Today, that requires more than just the traditional email gateway solution that used to be good enough.

In this eBook you will learn:

  • What are the most common and challenging email attacks for organizations?
  • How to defend against sophisticated email threats, such as spoofing, social engineering, and fraud
  • How to protect employees at the inbox level with the right technologies and security-awareness training
  • How to use a multilayered protection strategy to reduce susceptibility to email attacks and better defend your business and employees

Sponsored by: