diff --git a/src/Microsoft.Identity.Web.MicrosoftGraph/BaseRequestExtensions.cs b/src/Microsoft.Identity.Web.MicrosoftGraph/BaseRequestExtensions.cs
index 3aca5470f..9b3772a1b 100644
--- a/src/Microsoft.Identity.Web.MicrosoftGraph/BaseRequestExtensions.cs
+++ b/src/Microsoft.Identity.Web.MicrosoftGraph/BaseRequestExtensions.cs
@@ -30,10 +30,15 @@ public static T WithScopes(this T baseRequest, params string[] scopes) where
 /// Type of the request.
 /// Request.
 /// Should the permissions be app only or not.
+ /// Tenant ID or domain for which we want to make the call..
 ///
- public static T WithAppOnly(this T baseRequest, bool appOnly = true) where T : IBaseRequest
+ public static T WithAppOnly(this T baseRequest, bool appOnly = true, string? tenant = null) where T : IBaseRequest
 {
- return SetParameter(baseRequest, options => options.AppOnly = appOnly);
+ return SetParameter(baseRequest, options =>
+ {
+ options.AppOnly = appOnly;
+ options.Tenant = tenant;
+ });
 }
 private static T SetParameter(T baseRequest, Action action) where T : IBaseRequest
diff --git a/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProvider.cs b/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProvider.cs
index 9e582ca47..0a6b07476 100644
--- a/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProvider.cs
+++ b/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProvider.cs
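Review bot: The doc comment added for `tenant` on `WithAppOnly` does not say that the value is only honoured on the app-only path: the lambda stores `options.Tenant` whatever `appOnly` is, while the only consumer visible in this commit is the `GetAccessTokenForAppAsync` call in the `@@ -50,7 +52,7 @@` hunk, so `WithAppOnly(false, tenant)` looks like it silently ignores the tenant. Since this string picks the tenant an app-only token is requested for, I would have the comment read `Tenant ID or domain to request the app-only token for; ignored when appOnly is false. Take it from configuration or a validated tid claim, not from request input.` (which also drops the doubled full stop). Separately, adding an optional parameter changes the compiled signature of a public extension method, so callers built against the old `WithAppOnly(bool)` would need recompiling; an overload avoids that.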
@@ -33,11 +33,13 @@ public async Task AuthenticateRequestAsync(HttpRequestMessage request)
 // Default options to settings provided during intialization
 var scopes = _initialOptions.Scopes;
 bool appOnly = _initialOptions.AppOnly ?? false;
+ string? tenant = _initialOptions.Tenant ?? null;
 // Extract per-request options from the request if present
 TokenAcquisitionAuthenticationProviderOption? msalAuthProviderOption = GetMsalAuthProviderOption(request);
 if (msalAuthProviderOption != null) {
 scopes = msalAuthProviderOption.Scopes ?? scopes;
 appOnly = msalAuthProviderOption.AppOnly ?? appOnly;
+ tenant = msalAuthProviderOption.Tenant ?? tenant;
 }
 if (!appOnly && scopes == null)
@@ -50,7 +52,7 @@ public async Task AuthenticateRequestAsync(HttpRequestMessage request)
 string token;
 if (appOnly)
 {
- token = await _tokenAcquisition.GetAccessTokenForAppAsync(Constants.DefaultGraphScope).ConfigureAwait(false);
+ token = await _tokenAcquisition.GetAccessTokenForAppAsync(Constants.DefaultGraphScope, tenant).ConfigureAwait(false);
 }
 else
 {
diff --git a/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProviderOption.cs b/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProviderOption.cs
index 96471c3e9..80855ac57 100644
--- a/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProviderOption.cs
+++ b/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProviderOption.cs
@@ -6,5 +6,6 @@ internal class TokenAcquisitionAuthenticationProviderOption : IAuthenticationPro
 {
 public string[]? Scopes { get; set; }
 public bool? AppOnly { get; set; }
+ public string? Tenant { get; set; }
 }
 }
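Review bot: `?? null` in `string? tenant = _initialOptions.Tenant ?? null;` is a no-op, since the left side is already `string?`; `string? tenant = _initialOptions.Tenant;` says the same thing. The `?? false` on the line above is needed because `appOnly` is a non-nullable `bool`, which is probably where the pattern was copied from. The method body starts and ends outside this hunk.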
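Review bot: An empty or whitespace `tenant` is not null, so it passes through both `??` fallbacks earlier in `AuthenticateRequestAsync` and reaches `GetAccessTokenForAppAsync(Constants.DefaultGraphScope, tenant)` unchanged; how that call treats such a value is not visible here. Normalising before the call, `if (string.IsNullOrWhiteSpace(tenant)) { tenant = null; }`, keeps a blank per-request value from replacing the configured tenant with something undefined. The `else` branch is cut off by the hunk, so I cannot tell whether the delegated path uses `tenant` at all.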