Forum Discussion

Brass Contributor

Jun 09, 2018

Azure B2B Guest User Management

Hello All, Is there a way to easily verify which Guest User was invited by whom ? and to which SaaS App he actually has Access to ? I cannot find such a Option within the Azure AD Portal ? I t...

Access Management

Azure Active Directory (AAD)

Identity Management

Ueli Zimmermann

Brass Contributor

Jun 16, 2018

Hello Rishabh,

Excuse the late reply. Regarding this i agree with you but what i mean is i would like to have a better view or understanding who is inviting which user and to which SaaS Apps and Resources on that SaaS App. I wish Azure Portal would kind of have a Dashboard to simplify search for a Guest or normal User and you could see right away to which apps he has access and which documents or files he lately accessed or having access to.

The Audit Logs you mentioned are ok but for example as inviter normally there is just the AzureB2B Inviter Service listened not the original User initiated the Invite. So basically you cannot see fully transparent which user invited the Guest and to which resources in detail.

Is there a good way to achieve this with the Built In Tools or is there at least a good 3th Party Reports or Audit Tool which brings all the Information in a good readable form out of the System ?

Cheers

Ueli

Rishabh Srivastava

Iron Contributor

Jun 20, 2018

Hey Ueli,

I am not aware of any third party tool, the article that I was referring was :-

https://docs.microsoft.com/en-us/azure/active-directory/b2b/auditing-and-reporting

Regards,

Rishabh

Ueli Zimmermann
Brass Contributor
Jun 21, 2018
Hello Rishabh

Thank you, yes this one i know but i was more interested in kind of a detailed overview like to which resources the user has access to and what he actively is using from that resources and especially who did invite. Mostly in our Case its is kind of the "Microsoft Invitation Service" or SharePoint Default Guest Invitation Service, so there is no way to see who actually did the invite and to which resources. I believe this is not really transparent with regards to Security.

Best regards
Ueli
- kiran bellala
  Brass Contributor
  Oct 02, 2018
  Ueli Zimmermann agrre with you that there is no easy way to get this. In case of SharePoint, there is a cmdlet: https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/get-spoexternaluser?view=sharepoint-ps. This cmdlet gives invited by information. But it is not consistent. I see invited by information for some site collections and I dont see it for other site collections. This cmdlet is very buggy.
  - JimGibson
    Copper Contributor
    Mar 06, 2019
    @Ueli Zimmermann ChangeAuditor for Active Directory which logs all Azure AD Events, from https://www.quest.com will all you do see who is creating and inviting external users into your tenant