Get Tenant ID For Given Domain
Query
//This query will return the tenant ID for a domain. This has little use-case today but if externaldata allowed variables then this could be quite useful as a function
let OIDC = externaldata(token_endpoint: string)["https://login.microsoftonline.com/google.com/.well-known/openid-configuration"] with (format="csv", ignoreFirstRecord=False); //replace "google.com" with domain you want to search
OIDC
| extend TenantID = replace_string(replace_string(token_endpoint,"{\"token_endpoint\":\"https://login.microsoftonline.com/",""),"/oauth2/token\"","")
| project-away token_endpointExplanation
This query is designed to extract the tenant ID associated with a specific domain using Microsoft's OpenID Connect configuration. Here's a simplified breakdown:
-
Data Retrieval: The query uses the
externaldatafunction to fetch OpenID Connect configuration data from a specified URL. In this case, it's fetching data related to the domain "google.com". You can replace "google.com" with any domain you want to investigate. -
Data Processing:
- The
extendfunction is used to create a new column calledTenantID. - It extracts the tenant ID from the
token_endpointURL by removing unnecessary parts of the string. This is done using thereplace_stringfunction twice to clean up the URL and isolate the tenant ID.
- The
-
Data Presentation:
- The
project-awayfunction is used to remove the originaltoken_endpointcolumn from the output, leaving only theTenantID.
- The
In summary, this query extracts and displays the tenant ID for a specified domain by processing data from Microsoft's OpenID Connect configuration endpoint.
Details

Jay Kerai
Released: November 11, 2024
Tables
OIDC
Keywords
TenantIDDomainConfiguration
Operators
letexternaldatawithextendreplace_stringproject-away