How to Enumerate Microsoft 365 Tenant Domains After Microsoft's 2025 Security Changes
#Security


Cloud Reporter
2 min read

Microsoft's May 2025 restriction of domain enumeration via the Get-FederationInformation cmdlet prompted new community solutions, including TenantDomainFinder, a free web tool that lets organizations identify all domains within their M365 tenant without revealing the underlying method.


In May 2025, Microsoft implemented a significant change restricting the Get-FederationInformation cmdlet and related endpoints from returning full domain lists for Microsoft 365 tenants. This modification, intended to bolster security by preventing unauthorized reconnaissance, disrupted legitimate workflows for IT administrators needing comprehensive visibility into their tenant's domain landscape. Organizations suddenly lacked straightforward methods to audit all associated domains—a critical requirement for security hardening, license management, and migration planning.

Prior to this change, administrators could directly query tenant domains using Exchange Online PowerShell commands. Post-update, these attempts returned limited information, effectively blocking enumeration. Community experts like DrAzureAD and Juan Pablo Gomez Postigo responded with API-based solutions that preserved functionality through abstracted services. These tools maintained access to domain enumeration capabilities while obscuring the underlying techniques from public view.

Building on these efforts, I developed TenantDomainFinder—a free, no-login web application hosted on GitHub Pages. Unlike earlier solutions requiring API integration, this tool provides immediate access through a simple web interface. Users enter a known domain associated with their tenant, and the tool returns all verified domains registered under that tenant's umbrella. Results can be exported directly to CSV for documentation or analysis.
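For administrators who hold credentials for the tenant in question, the same inventory the tool produces (every domain on the tenant, flagged as verified or not, exported to CSV) can still be generated directly and with an audit trail through the Microsoft Graph PowerShell SDK. The script below is an added example written for this article, not TenantDomainFinder's code or Microsoft's own sample; it assumes the Microsoft.Graph module is installed, that the signed-in account can be granted the read-only Domain.Read.All scope, and the output path is a placeholder.

```powershell
# Added example (not TenantDomainFinder's code): authenticated inventory of the
# signed-in tenant's own domains via the Microsoft Graph PowerShell SDK, exported
# to CSV. Assumes the Microsoft.Graph module is installed and the account can be
# granted Domain.Read.All (read-only; no write scopes are requested).
param(
    [string] $OutFile = ".\tenant-domains.csv"   # output path is an assumption
)

Import-Module Microsoft.Graph.Identity.DirectoryManagement -ErrorAction Stop

# Interactive, least-privilege sign-in: only the domain read scope is requested.
Connect-MgGraph -Scopes "Domain.Read.All" -NoWelcome

# Get-MgDomain returns every domain object in the signed-in tenant, including
# unverified ones; -All pages through the full result set.
$domains = Get-MgDomain -All

$report = $domains | ForEach-Object {
    [pscustomobject]@{
        Domain             = $_.Id
        IsVerified         = $_.IsVerified
        IsDefault          = $_.IsDefault
        IsInitial          = $_.IsInitial          # the *.onmicrosoft.com domain
        AuthenticationType = $_.AuthenticationType # Managed or Federated
        SupportedServices  = ($_.SupportedServices -join ';')
    }
}

# Unverified domains deserve a second look during an audit: they were added to
# the tenant but never proven via DNS, so they are candidates for cleanup.
$unverified = @($report | Where-Object { -not $_.IsVerified })
if ($unverified.Count -gt 0) {
    Write-Warning ("{0} unverified domain(s): {1}" -f $unverified.Count, ($unverified.Domain -join ', '))
}

$report | Sort-Object Domain | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
Write-Host ("Wrote {0} domain(s) to {1}" -f $report.Count, $OutFile)

Disconnect-MgGraph | Out-Null
```

Because this path is authenticated, each run is logged against the signing-in account in the tenant's sign-in logs, which makes it the preferable choice for the compliance and migration use cases below; the web tool remains useful when no tenant credentials are at hand.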

Enumerate M365 tenant domains

The tool operates via a Cloudflare Worker backend, which handles the actual enumeration logic. This serverless approach ensures scalability under Cloudflare's free tier while intentionally obscuring the methodology—a deliberate design choice aligning with responsible disclosure principles. While the specific technique isn't publicized, interested parties can find scattered references to alternative enumeration approaches through independent research.

For businesses, this capability addresses three key operational needs:

  1. Security Validation: Identifying orphaned or unauthorized domains that could become attack vectors
  2. Migration Planning: Mapping all domains during tenant consolidations or cloud transitions
  3. Compliance Auditing: Verifying domain ownership and configuration alignment with policies

Unlike paid services, TenantDomainFinder imposes no cost barriers or registration requirements. The Cloudflare infrastructure currently handles traffic efficiently, though organizations requiring high-volume enumeration should consider rate limits. Crucially, the tool only processes domains explicitly provided by users—it doesn't perform open-ended tenant discovery.

As Microsoft continues evolving M365's security posture, tools like this demonstrate how community innovation fills functional gaps without compromising ecosystem integrity. TenantDomainFinder's CSV export feature—coupled with its zero-friction access—makes it particularly valuable for rapid inventory tasks during security incidents or technology evaluations.
