Azure Active Directory - get tenant list

Question

I am aware of the Powershell cmdlet Get-AzTenant and the REST API call GET https://management.azure.com/tenants?api-version=2019-06-01 to query the AD tenants wrt the current user context.

As this requires user_impersonation wrt Azure Resource Management, is there an alternative with i.e. Microsoft Graph?

An example, where this list of tenants is used

Microsoft Access Panel
https://account.activedirectory.windowsazure.com/r#/profile/organizations
POST https://account.activedirectory.windowsazure.com/responsive/multidirectoryinfo
Azure DevOps profile
https://aex.dev.azure.com/me
Azure Portal
POST https://portal.azure.com/api/directories/List

Without a user authenticated, how would you expect the API to know which tenents to return? — Marc LaFleur
I want to issue the call within the user context. I want to use the an API that needs less permissions than user_impersonation wrt management.azure.com. — Florian Eckert

Joy Wang-MSFT Joy Wang-MSFT · Accepted Answer · 2019-11-26T02:26:03

No, there is no such API in Microsoft Graph or Azure AD Graph.

I want to use the an API that needs less permissions than user_impersonation wrt management.azure.com.

Besides, I think the delegated permission user_impersonation is not large, when the user login the app and consent the permission, the app just calls the API as the user. The permissions are all from and decided by the user, not the app.

Azure Active Directory - get tenant list

1 Answers