I want to identify if a user's email address is associated with an office 365 subscription. I know that in one case I can query dns dig example.com mx and look for .mail.protection.outlook.com. in the output. But that doesn't catch everyone.
Is there anything else I can do to identify which of my users should be able to log in with oauth2?
If you take the domain of the email address you want to query and do a Get against
https://login.microsoftonline.com/{domain}/v2.0/.well-known/openid-configuration That will return the OpenID Connect metadata document which should have all the information you need to determine that https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc
