Hiya,
Microsoft documentation is abundant and confusing, but this SO question seems to give you an answer: https://stackoverflow.com/questions/66643625/azure-ad-fetch-tenant-id-using-client-details
They suggest using the client credentials grant and retrieving a token. You'd have to use Lambda HTTP Connect to make this call from inside one of the FusionAuth lambdas.
I have not tested this. Please let me know if you found other workarounds or solutions.