Forum Discussion
Find all users in my tenant who are invited as guest in another tenant
- May 28, 2021
Hello @GottfriedJocham, I did some lookup and it looks like what you can do here is call the following REST API "https://management.azure.com/tenants?api-version=2020-01-01" and get the list of the tenants that a user is a part of (in other words, where the user is added as a guest user). One thing to note here is that this API requires a delegated permission (user permission), and how it works is that it only shows the tenants of the user who is currently logged in and called this API with an access token that was issued on behalf of that user.
For example: if User-A logs in to your app that calls this API, AAD issues an access token to the app on behalf of User-A. When the app uses that access token and calls the API "https://management.azure.com/tenants?api-version=2020-01-01", all the tenants that User-A is part of (added as a guest user) get listed.
To read more on this API, please refer to: https://docs.microsoft.com/en-us/rest/api/resources/tenants/list
https://chris-brumm.medium.com/outbound-aad-b2b-discovery-788b471ba677
Seems that the Sign-In logs of AAD and Log Analytics can help in that case.
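The tenants call described in the reply above, as an added example that is not code from the thread: it pages through the response with the signed-in user's delegated token and keeps every tenant other than the home tenant. The function names, the `fetch` parameter, the caller-supplied home tenant ID, and the sample pages are assumptions made for illustration; the sample data is constructed.

```python
import json
import urllib.request

TENANTS_URL = "https://management.azure.com/tenants?api-version=2020-01-01"
ARM_PREFIX = "https://management.azure.com/"

def http_get_json(url, access_token):
    """GET a URL with the user's delegated bearer token and decode the JSON body."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + access_token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def list_foreign_tenants(access_token, home_tenant_id, fetch=http_get_json):
    """Tenants visible to the token's user, minus the home tenant (hypothetical helper)."""
    foreign, seen, url = [], set(), TENANTS_URL
    while url:
        # Only follow paging links that stay on the ARM endpoint, so the
        # bearer token is never sent to another host.
        if not url.startswith(ARM_PREFIX):
            raise ValueError("refusing to send the token to " + url)
        page = fetch(url, access_token)
        for tenant in page.get("value", []):
            tid = tenant.get("tenantId", "").lower()
            if tid and tid != home_tenant_id.lower() and tid not in seen:
                seen.add(tid)
                foreign.append({"tenantId": tid,
                                "displayName": tenant.get("displayName"),
                                "defaultDomain": tenant.get("defaultDomain")})
        url = page.get("nextLink")  # absent on the last page
    return foreign

# Constructed sample data: two response pages for one signed-in user.
HOME = "11111111-1111-1111-1111-111111111111"
PAGE2 = TENANTS_URL + "&$skiptoken=constructed"
SAMPLE_PAGES = {
    TENANTS_URL: {"value": [
        {"tenantId": HOME, "displayName": "Home Org", "defaultDomain": "home.example"},
        {"tenantId": "22222222-2222-2222-2222-222222222222",
         "displayName": "Partner A", "defaultDomain": "partner-a.example"}],
        "nextLink": PAGE2},
    PAGE2: {"value": [
        {"tenantId": "33333333-3333-3333-3333-333333333333",
         "displayName": "Partner B", "defaultDomain": "partner-b.example"}]},
}

def fake_fetch(url, access_token):
    """Offline stand-in for http_get_json that serves the constructed pages."""
    return SAMPLE_PAGES[url]

if __name__ == "__main__":
    for t in list_foreign_tenants("constructed-token", HOME, fetch=fake_fetch):
        print(t["tenantId"], t["displayName"], t["defaultDomain"])
```

Because the permission is delegated, the result covers only the user whose token is passed in, so this runs once per signed-in user rather than once per tenant.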