Have you ever tried to locate a Microsoft Entra tenant ID when all you have is the domain name? Maybe you already know the tenant ID and want to do a reverse lookup and see which domains are verified in that tenant. You may also want to identify the federated IdP a tenant uses, understand how each domain uses the various Microsoft services, or check the tenant’s location and any custom branding. You need all of this to work across public, national, and sovereign Microsoft cloud environments.
That is exactly what Entra Sonar handles. It searches for Entra tenants using either a domain or a tenant ID, and reveals verified domains, IdP's, and Microsoft cloud service usage across every Microsoft cloud environment.
Site: https://entrasonar.com
Entra Sonar uses various techniques to pull together information about Microsoft Entra ID tenants:
- Multi-Cloud Support: Search and analyse tenants across Public Cloud, US Government, and China 21Vianet environments
- Tenant Details: Get information about the tenants location, cloud type, and IdP configuration
- Federation Settings: See detailed IdP information for each verified domain (Entra, AD FS, Okta, Ping, and others)
- Custom Branding: View any images and customisations applied to the tenant's sign-in page
- Verified Domains: Display all domains verified in the tenant
- Domain Analysis: Scan each verified domain and attempt to match them to Microsoft services
- Azure AD B2C Detection: Identify B2C tenants (though this can be a bit hit and miss)
Entra Sonar automatically identifies which Microsoft cloud environment hosts a tenant by analysing OpenID configuration endpoints.
Each Microsoft cloud environment uses distinct authentication endpoints:
| Cloud Type | Authentication Endpoint | Data Location |
|---|---|---|
| Public Cloud (M365 Commercial) | login.microsoftonline.com |
Replicated Worldwide, or geo-located in certain regions |
| US Government (GCC, GCC High, DoD) | login.microsoftonline.us |
United States only, secret squirrel stuff |
| China 21Vianet | login.partner.microsoftonline.cn |
China only |
Government cloud subtypes (GCC, GCC High, DoD) are distinguished by analysing tenant_region_scope and tenant_region_sub_scope metadata fields in the OpenID configuration response.
When you query a domain, Entra Sonar uses Microsoft's GetUserRealm endpoint to determine the authentication configuration.
This endpoint returns a NameSpaceType value of either Managed or Federated:
- Managed Domain: Authentication is handled directly by Entra (Password Hash Sync, Pass-through Authentication)
- Federated Domain: Authentication is delegated to an external identity provider using WS-Fed, SAML, or OIDC
For federated domains, Entra Sonar will also retrieve the federation metadata endpoint and identify the IdP based on URL patterns unique to each provider.
X.509 certificate details (validity dates, issuer, subject, key size) are parsed and displayed for federated domains.
The Detailed Domain Scan feature performs DNS queries to identify Microsoft services attached to each verified domain:
- Exchange Online
- SharePoint Online
- Teams
- Intune
- Azure
For email-enabled domains, the scan checks:
- MX Records: Mail exchange server configuration
- SPF (Sender Policy Framework): Email sender authentication
- DKIM (DomainKeys Identified Mail): Email signature verification
- DMARC (Domain-based Message Authentication): Email policy enforcement
If the tenant has custom branding in place, it will show up in the Custom Branding card, including any images and text.
For feedback, ideas, or questions about Entra Sonar, please use GitHub Discussions.
Maintained by: Benjamin Wolfe
Live Application: https://entrasonar.com