Forum Discussion
vand3rlinden
Nov 16, 2021, Brass Contributor
Can you see where your AAD user has a guest account?
Hi all, I figured out how to see which of my users have guest access for B2B collaboration. I set a filter on the sign-in logs: 'Cross tenant access type -> B2B Collaboration'. But it would be nice if...
Jai Verma
Feb 15, 2022, Brass Contributor
Very interesting question, we can find the complete list of all the external tenants inbound and outbound using the Workbook - https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/workbook-cross-tenant-access-activity
However, converting these tenant ID GUIDs does not seem straightforward, and I guess that is for security reasons. Why do you want to know the name of the tenant instead of the tenant ID?
- vand3rlinden, Feb 15, 2022, Brass Contributor
  Hi Jai Verma, thank you for sharing the workbook! For some audits I would like to know where the identity of the users lives; having tenant names could clarify the activity more.
- Jai Verma, Feb 16, 2022, Brass Contributor
  Here is another way I tried using my Excel skills:
  - Download the sign-in logs
  - The sign-in logs have the username and tenant ID
  Using Excel you can extract the domain name from the user's UPN (the portion after @) and its HomeTenantID value and create a table. I understand it is not an efficient way, but it is OK to start with.
- Jai Verma, Feb 16, 2022, Brass Contributor
  Actually the problem is that the SignIn Logs table only has HomeTenantID in its schema and not the name of the home tenant; you can find it here - https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/SigninLogs
  There is a manual way to find the name of the tenant:
  - Download the sign-in logs, or parse the logs if you are using a SIEM, and sort on HomeTenantID
  - Now for each home tenant ID you will get many sign-in events. Open any event and look at the user's UPN and you will find the tenant's readable name.
  I know it is painful, but it is all I can think of.
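The UPN-domain lookup described in the replies above, scripted instead of done by hand in Excel. This is an added example, not code from any post in the thread. It assumes a CSV export whose columns are named as in the SigninLogs schema (`UserPrincipalName`, `HomeTenantId`, `CrossTenantAccessType`); the sample rows, domains and GUIDs are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export. Column names are assumed to match the SigninLogs
# schema; rename them if your export uses different headers.
SAMPLE_CSV = """UserPrincipalName,HomeTenantId,CrossTenantAccessType
alice@contoso.example,11111111-1111-1111-1111-111111111111,b2bCollaboration
bob@contoso.example,11111111-1111-1111-1111-111111111111,b2bCollaboration
carol@emea.contoso.example,11111111-1111-1111-1111-111111111111,b2bCollaboration
dave_fabrikam.example#EXT#@host.onmicrosoft.example,22222222-2222-2222-2222-222222222222,b2bCollaboration
erin@host.example,00000000-0000-0000-0000-000000000000,none
,33333333-3333-3333-3333-333333333333,b2bCollaboration
"""

def upn_domain(upn):
    """Return the home domain of a UPN, or None if it cannot be derived."""
    upn = upn.strip().lower()
    if "#ext#" in upn:
        # Guest-object form: the home UPN with '@' replaced by '_', then #EXT#.
        local = upn.split("#ext#", 1)[0]
        _, sep, domain = local.rpartition("_")
    else:
        _, sep, domain = upn.rpartition("@")
    return domain if sep and domain else None

def tenant_domain_table(csv_text, access_type="b2bCollaboration"):
    """Map each HomeTenantId to a Counter of the UPN domains seen with it."""
    table = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["CrossTenantAccessType"] != access_type:
            continue  # keep only the cross-tenant sign-ins being audited
        domain = upn_domain(row["UserPrincipalName"]) or "<no UPN domain>"
        table[row["HomeTenantId"].strip().lower()][domain] += 1
    return table

def report(table):
    """One line per tenant ID, domains ordered by number of sign-ins."""
    return [
        f"{tid}  " + ", ".join(f"{d} ({n})" for d, n in doms.most_common())
        for tid, doms in sorted(table.items())
    ]

if __name__ == "__main__":
    print("\n".join(report(tenant_domain_table(SAMPLE_CSV))))
```

A tenant can have several verified domains, so the table keeps every domain seen per tenant ID with its count rather than a single name.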