steampipe plugin install azuread

Table: azuread_domain - Query Azure Active Directory Domains using SQL

Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service. It helps organizations to sign in and access resources in external resources, such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications. Azure AD Domains represent the various domains that are associated with an Azure AD instance.

Table Usage Guide

The azuread_domain table provides insights into the domains within Azure Active Directory. As an IT administrator, you can explore domain-specific details through this table, including verification status, type of domain, and associated metadata. Utilize it to uncover information about domains, such as their authentication type, availability status, and whether they are the primary domain.

Examples

Basic info

Determine the administrative status and verification state of your Azure Active Directory domains, and gain insights into the supported services. This is beneficial for managing access controls and understanding the capabilities of your domains.

select
id,
is_admin_managed,
is_verified,
supported_services
from
azuread_domain;
select
id,
is_admin_managed,
is_verified,
supported_services
from
azuread_domain;

List verified domains

Discover the segments that are verified within your Azure Active Directory (AD) domain. This can help ensure the integrity and security of your domain by identifying those that have been validated.

select
id
from
azuread_domain
where
is_verified;
select
id
from
azuread_domain
where
is_verified;

Schema for azuread_domain

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
authentication_typetextIndicates the configured authentication type for the domain. The value is either Managed or Federated. Managed indicates a cloud managed domain where Azure AD performs user authentication. Federated indicates authentication is federated with an identity provider such as the tenant's on-premises Active Directory via Active Directory Federation Services.
idtext=The fully qualified name of the domain.
is_admin_managedbooleanThe value of the property is false if the DNS record management of the domain has been delegated to Microsoft 365. Otherwise, the value is true.
is_defaultbooleantrue if this is the default domain that is used for user creation. There is only one default domain per company.
is_initialbooleantrue if this is the initial domain created by Microsoft Online Services (companyname.onmicrosoft.com). There is only one initial domain per company.
is_rootbooleantrue if the domain is a verified root domain. Otherwise, false if the domain is a subdomain or unverified.
is_verifiedbooleantrue if the domain has completed domain ownership verification.
supported_servicesjsonbThe capabilities assigned to the domain. Can include 0, 1 or more of following values: Email, Sharepoint, EmailInternalRelayOnly, OfficeCommunicationsOnline, SharePointDefaultDomain, FullRedelegation, SharePointPublic, OrgIdAuthentication, Yammer, Intune. The values which you can add/remove using Graph API include: Email, OfficeCommunicationsOnline, Yammer.
tenant_idtextThe Azure Tenant ID where the resource is located.
titletextTitle of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azuread

You can pass the configuration to the command with the --config argument:

steampipe_export_azuread --config '<your_config>' azuread_domain