Edit

Share via

domain: verify

  • Article

Namespace: microsoft.graph

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Validate the ownership of a domain.

Important: Only applies to an unverified domain. For an unverified domain, the isVerified property of the domain is false.

Note

Verifying a domain through Microsoft Graph doesn't configure the domain for use with Office 365 services like Exchange. Fully configuring the domain to work with Microsoft 365 products might require extra steps. For more information, see Microsoft 365 admin setup.

This API is available in the following national cloud deployments.

Global service US Government L4 US Government L5 (DOD) China operated by 21Vianet

Permissions

Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.

Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) Domain.ReadWrite.All Not available.
Delegated (personal Microsoft account) Not supported. Not supported.
Application Domain.ReadWrite.All Not available.

Important

In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. Domain Name Administrator is the least privileged role supported for this operation.

HTTP request

POST /domains/{id}/verify

For {id}, specify the domain with its fully qualified domain name.

Request headers

Name Description
Authorization Bearer {token}. Required. Learn more about authentication and authorization.
Content-Type application/json

Request body

In the request body, supply a JSON representation of the parameters.

The following table lists the parameters that are optional when you call this action.

Parameter Type Description
forceTakeover Boolean Optional. Used for external admin takeover of an unmanaged domain. The default value for this parameter is false.

If the domain to be verified is currently linked to an unmanaged tenant but you own the domain, use this parameter to take over that domain. Force takeover only succeeds when this tenant has verified their ownership of the domain by adding the TXT records to the domain registrar. For more information, see Take over an unmanaged directory as administrator in Microsoft Entra ID.

Response

If successful, this method returns 200 OK response code and domain object in the response body.

Example 1: Verify a domain

Request

POST https://graph.microsoft.com/beta/domains/contoso.com/verify

Response

Note: The response object shown here might be shortened for readability.

HTTP/1.1 200 OK
Content-type: application/json

{
  "authenticationType": "authenticationType-value",
  "availabilityStatus": "availabilityStatus-value",
  "isAdminManaged": true,
  "isDefault": true,
  "isInitial": true,
  "isRoot": true,
  "name": "contoso.com"
}

Example 2: External admin takeover of a domain

Request

POST https://graph.microsoft.com/beta/domains/contoso.com/verify

{
  "forceTakeover": true
}

Response

Note: The response object shown here might be shortened for readability.

HTTP/1.1 200 OK
Content-type: application/json

{
  "authenticationType": "authenticationType-value",
  "availabilityStatus": "availabilityStatus-value",
  "isAdminManaged": true,
  "isDefault": true,
  "isInitial": true,
  "isRoot": true,
  "name": "contoso.com",
  "isVerified": true
}