Table: azuread_domain - Query Azure Active Directory Domains using SQL
Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service. It lets an organization's users sign in and access external resources, such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications. Azure AD Domains represent the various domains that are associated with an Azure AD instance.
Table Usage Guide
The azuread_domain table provides insights into the domains within Azure Active Directory. As an IT administrator, you can explore domain-specific details through this table, including verification status, type of domain, and associated metadata. Utilize it to uncover information about domains, such as their authentication type, availability status, and whether they are the primary domain.
Examples
Basic info
Determine the administrative status and verification state of your Azure Active Directory domains, and gain insights into the supported services. This is beneficial for managing access controls and understanding the capabilities of your domains.
select id, is_admin_managed, is_verified, supported_services
from azuread_domain;
List verified domains
List the domains in your Azure Active Directory (AD) tenant that have completed ownership verification. This can help ensure the integrity and security of your tenant by identifying the domains that have been validated.
select id
from azuread_domain
where is_verified;
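Review domain posture
An added example, not part of the original Steampipe documentation: a review query that combines the authentication_type, is_verified and is_admin_managed columns from the schema below to flag domains that merit a closer look. It assumes Steampipe's Postgres engine (for the jsonb ?| operator); the review_note labels and the handles_email alias are illustrative names chosen here.

```sql
-- Added example: inventory every domain with a short review note.
-- review_note and handles_email are illustrative names, not plugin columns.
select
  id,
  authentication_type,
  is_verified,
  is_default,
  is_initial,
  is_admin_managed,
  -- true when the domain carries an email capability (jsonb array of strings)
  supported_services ?| array['Email', 'EmailInternalRelayOnly'] as handles_email,
  case
    -- Federated: sign-in is performed by an external identity provider
    when authentication_type = 'Federated'
      then 'review: authentication delegated to an external identity provider'
    -- ownership of the domain has not been proven
    when not is_verified
      then 'review: ownership verification not completed'
    -- DNS record management has been handed to Microsoft 365
    when not is_admin_managed
      then 'note: DNS record management delegated to Microsoft 365'
    else 'ok'
  end as review_note
from
  azuread_domain
order by
  is_verified,          -- unverified domains first
  authentication_type,  -- Federated sorts before Managed
  id;
```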
Schema for azuread_domain
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
authentication_type | text | | Indicates the configured authentication type for the domain. The value is either Managed or Federated. Managed indicates a cloud managed domain where Azure AD performs user authentication. Federated indicates authentication is federated with an identity provider such as the tenant's on-premises Active Directory via Active Directory Federation Services. |
id | text | = | The fully qualified name of the domain. |
is_admin_managed | boolean | | The value of the property is false if the DNS record management of the domain has been delegated to Microsoft 365. Otherwise, the value is true. |
is_default | boolean | | true if this is the default domain that is used for user creation. There is only one default domain per company. |
is_initial | boolean | | true if this is the initial domain created by Microsoft Online Services (companyname.onmicrosoft.com). There is only one initial domain per company. |
is_root | boolean | | true if the domain is a verified root domain. Otherwise, false if the domain is a subdomain or unverified. |
is_verified | boolean | | true if the domain has completed domain ownership verification. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
supported_services | jsonb | | The capabilities assigned to the domain. Can include 0, 1 or more of following values: Email, Sharepoint, EmailInternalRelayOnly, OfficeCommunicationsOnline, SharePointDefaultDomain, FullRedelegation, SharePointPublic, OrgIdAuthentication, Yammer, Intune. The values which you can add/remove using Graph API include: Email, OfficeCommunicationsOnline, Yammer. |
tenant_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Tenant ID where the resource is located. |
title | text | | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install the exporter with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azuread
You can pass the configuration to the command with the --config argument:
steampipe_export_azuread --config '<your_config>' azuread_domain