Forum Discussion
Solved
Can you see where your AAD user has a guest account?
Hi all, I figured out to see which of my users has guest access for b2b collaboration. I set a filter on the sign- in logs 'Cross tenant access type -> B2B Collaboration'. But it would be nice if...
- Actually the problem is that SignIn Logs table only have HomeTenantID in it's schema and not the name of the home tenant, you can find here - https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/SigninLogs
There is a manual way to find the name of the tenant
- download sign in logs or parse logs if you are using SIEM sort it on HomeTenantID
- Now for each home tenant id you will get many Sign in event. Open any event and look at the user's UPN and you will find the tenant readable name.
I know it is painful but I can only think of it.
Here is another way I tried using my excel skills
- Download sign in logs
- Sign in logs has username and tenant id
Using Excel you can extract domain name from user's UPN portion after @ and it's hometenantID value and create a table. I understand it is not an efficient way but ok to start with.
- Download sign in logs
- Sign in logs has username and tenant id
Using Excel you can extract domain name from user's UPN portion after @ and it's hometenantID value and create a table. I understand it is not an efficient way but ok to start with.
Actually the problem is that SignIn Logs table only have HomeTenantID in it's schema and not the name of the home tenant, you can find here - https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/SigninLogs
There is a manual way to find the name of the tenant
- download sign in logs or parse logs if you are using SIEM sort it on HomeTenantID
- Now for each home tenant id you will get many Sign in event. Open any event and look at the user's UPN and you will find the tenant readable name.
I know it is painful but I can only think of it.
There is a manual way to find the name of the tenant
- download sign in logs or parse logs if you are using SIEM sort it on HomeTenantID
- Now for each home tenant id you will get many Sign in event. Open any event and look at the user's UPN and you will find the tenant readable name.
I know it is painful but I can only think of it.
- Thank you Jai, this is working! Yes, painful, but working 🙂
