Forum Discussion
vand3rlinden
Nov 16, 2021 | Brass Contributor
Can you see where your AAD user has a guest account?
Hi all, I figured out how to see which of my users have guest access for B2B collaboration. I set a filter on the sign-in logs: 'Cross tenant access type -> B2B Collaboration'. But it would be nice if...
vand3rlinden
Feb 15, 2022 | Brass Contributor
Hi Jai Verma, thank you for sharing the workbook! For some audits I would like to know where the identity of the users lives; having tenant names could clarify the activity more.
Jai Verma
Feb 16, 2022 | Brass Contributor
Here is another way I tried, using my Excel skills:
- Download the sign-in logs
- The sign-in logs have the username and tenant ID
Using Excel you can extract the domain name from the portion of the user's UPN after the @, together with its HomeTenantID value, and create a table. I understand it is not an efficient way, but it is OK to start with.
Jai Verma
Feb 16, 2022 | Brass Contributor
Actually, the problem is that the SigninLogs table only has HomeTenantID in its schema and not the name of the home tenant. You can find it here - https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/SigninLogs
There is a manual way to find the name of the tenant:
- Download the sign-in logs, or parse the logs if you are using a SIEM, and sort them on HomeTenantID.
- Now for each home tenant ID you will get many sign-in events. Open any event and look at the user's UPN, and you will find the tenant's readable name.
I know it is painful, but it is the only way I can think of.
vand3rlinden
Feb 16, 2022 | Brass Contributor
Thank you Jai, this is working! Yes, painful, but working 🙂
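The lookup table that both replies above describe building by hand (each HomeTenantID paired with the domain after the @ in the UPN), as an added example that is not part of the original thread. The column names `UserPrincipalName` and `HomeTenantId` are assumptions taken from the SigninLogs schema, so rename them to match the headers of your export; the sample rows, tenant IDs and domains are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export; tenant IDs and UPNs are made up.
SAMPLE_CSV = """UserPrincipalName,HomeTenantId
alice@contoso.example,11111111-1111-1111-1111-111111111111
Bob@Contoso.example,11111111-1111-1111-1111-111111111111
carol@eu.contoso.example,11111111-1111-1111-1111-111111111111
dave@fabrikam.example,22222222-2222-2222-2222-222222222222
,22222222-2222-2222-2222-222222222222
0f3c9a1e-aaaa-bbbb-cccc-000000000000,33333333-3333-3333-3333-333333333333
"""


def tenant_domains(rows, upn_col="UserPrincipalName", tid_col="HomeTenantId"):
    """Return {home tenant id: Counter of UPN domains seen for it}."""
    seen = defaultdict(Counter)
    for row in rows:
        tid = (row.get(tid_col) or "").strip().lower()
        upn = (row.get(upn_col) or "").strip().lower()
        if not tid:
            continue
        seen[tid]  # register the tenant even if no usable UPN follows
        # Some events carry an object ID or nothing where the UPN should be.
        _, at, domain = upn.rpartition("@")
        if at and domain:
            seen[tid][domain] += 1
    return dict(seen)


def lookup_table(rows, **cols):
    """Return sorted (tenant id, most common domain or None, all domains)."""
    table = []
    for tid, domains in sorted(tenant_domains(rows, **cols).items()):
        best = domains.most_common(1)[0][0] if domains else None
        table.append((tid, best, sorted(domains)))
    return table


if __name__ == "__main__":
    rows = csv.DictReader(io.StringIO(SAMPLE_CSV))
    for tid, best, all_domains in lookup_table(rows):
        print(tid, best or "<no UPN domain seen>", ",".join(all_domains))
```

A tenant can appear with more than one domain, so the table keeps every domain seen and reports the most frequent one as the readable name; tenants whose events carry no usable UPN are listed with no name so they can be checked manually.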