vand3rlinden
Nov 16, 2021

Can you see where your AAD user has a guest account?

Hi all,

I figured out how to see which of my users have guest access for B2B collaboration. I set a filter on the sign-in logs: 'Cross tenant access type -> B2B Collaboration'. But it would be nice if I could see on which tenant the B2B access is granted.

Could you see this somewhere?

Thanks.

Regards,

Ricardo

  • Actually the problem is that the SigninLogs table only has HomeTenantID in its schema and not the name of the home tenant; you can find it here - https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/SigninLogs

    There is a manual way to find the name of the tenant:
    - Download the sign-in logs, or parse the logs if you are using a SIEM, and sort on HomeTenantID.
    - Now for each home tenant ID you will get many sign-in events. Open any event and look at the user's UPN and you will find the tenant's readable name.

    I know it is painful, but it is the only way I can think of.


    • vand3rlinden
      Hi Jai Verma, thank you for sharing the workbook! For some audits I would like to know where the identity of the users lives; having tenant names could better clarify the activity.
      • Jai Verma
        Here is another way I tried using my Excel skills:
        - Download the sign-in logs
        - The sign-in logs have the username and tenant ID
        Using Excel you can extract the domain name from the portion of the user's UPN after the @, together with its HomeTenantID value, and create a table. I understand it is not an efficient way, but it is OK to start with.
