| _key | core | string | |
| authentication_type | core | string | Indicates the configured authentication type for the domain. The value is either Managed or Federated. Managed indicates a cloud managed domain where Microsoft Entra ID performs user authentication. Federated indicates authentication is federated with an identity provider such as the tenant's on-premises Active Directory via Active Directory Federation Services. Not nullable. To update this property in delegated scenarios, the calling app must be assigned the Directory.AccessAsUser.All delegated permission. |
| availability_status | core | string | This property is always null except when the verify action is used. When the verify action is used, a domain entity is returned in the response. The availabilityStatus property of the domain entity in the response is either AvailableImmediately or EmailVerifiedDomainTakeoverScheduled. |
| domain_name_references | core | json | The objects such as users and groups that reference the domain ID. Read-only, Nullable. Doesn't support $expand. Supports $filter by the OData type of objects returned. For example, /domains/{domainId}/domainNameReferences/microsoft.graph.user and /domains/{domainId}/domainNameReferences/microsoft.graph.group. |
| federation_configuration | core | json | Domain settings configured by a customer when federated with Microsoft Entra ID. Doesn't support $expand. |
| id | core | string | The unique identifier for an entity. Read-only. |
| is_admin_managed | core | bool | The value of the property is false if the DNS record management of the domain is delegated to Microsoft 365. Otherwise, the value is true. Not nullable |
| is_default | core | bool | true if this is the default domain that is used for user creation. There's only one default domain per company. Not nullable. |
| is_initial | core | bool | true if this is the initial domain created by Microsoft Online Services (contoso.com). There's only one initial domain per company. Not nullable |
| is_root | core | bool | true if the domain is a verified root domain. Otherwise, false if the domain is a subdomain or unverified. Not nullable. |
| is_verified | core | bool | true if the domain completed domain ownership verification. Not nullable. |
| location | core | string | |
| manufacturer | core | string | |
| model | core | string | |
| name | core | string | |
| password_notification_window_in_days | core | int64 | Specifies the number of days before a user receives notification that their password expires. If the property isn't set, a default value of 14 days is used. |
| password_validity_period_in_days | core | int64 | Specifies the length of time that a password is valid before it must be changed. If the property isn't set, a default value of 90 days is used. |
| resource_group | core | string | |
| root_domain | core | json | Root domain of a subdomain. Read-only, Nullable. Supports $expand. |
| service_configuration_records | core | json | DNS records the customer adds to the DNS zone file of the domain before the domain can be used by Microsoft Online services. Read-only, Nullable. Doesn't support $expand. |
| state | core | json | Status of asynchronous operations scheduled for the domain. |
| subscription_id | core | string | |
| subscription_name | core | string | |
| supported_services | core | array<string> | The capabilities assigned to the domain. Can include 0, 1 or more of following values: Email, Sharepoint, EmailInternalRelayOnly, OfficeCommunicationsOnline, SharePointDefaultDomain, FullRedelegation, SharePointPublic, OrgIdAuthentication, Yammer, Intune. The values that you can add or remove using the API include: Email, OfficeCommunicationsOnline, Yammer. Not nullable. |
| tags | core | hstore_csv | |
| verification_dns_records | core | json | DNS records that the customer adds to the DNS zone file of the domain before the customer can complete domain ownership verification with Microsoft Entra ID. Read-only, Nullable. Doesn't support $expand. |
