Jun 09 2018
- last edited on
Jul 24 2020
Is there a way to easily verify which Guest User was invited by whom ? and to which SaaS App he actually has Access to ? I cannot find such a Option within the Azure AD Portal ?
I think its really necessary especially if normal Users can easily Invite People from Outside of your Company directly via Azure B2B without really notify the IT Admins. As im working under a Group Scenario means we have a lot of Companies with dedicated IT sharing the same Tenant but with only one Department having Root / Global Admin to the Tenant. So this Department needs easy overview which Users have done what regarding Guest Users.
Help to find a Solution would be appreciated.
Jun 10 2018 12:16 AM
The details regarding invitation sent to guest users can be checked in azure active directory audit logs.
Look for "Initiated by - Microsoft B2B admin worker" and "Microsoft Invitation Acceptance Portal".
Jun 16 2018 01:48 AM
Excuse the late reply. Regarding this i agree with you but what i mean is i would like to have a better view or understanding who is inviting which user and to which SaaS Apps and Resources on that SaaS App. I wish Azure Portal would kind of have a Dashboard to simplify search for a Guest or normal User and you could see right away to which apps he has access and which documents or files he lately accessed or having access to.
The Audit Logs you mentioned are ok but for example as inviter normally there is just the AzureB2B Inviter Service listened not the original User initiated the Invite. So basically you cannot see fully transparent which user invited the Guest and to which resources in detail.
Is there a good way to achieve this with the Built In Tools or is there at least a good 3th Party Reports or Audit Tool which brings all the Information in a good readable form out of the System ?
Jun 20 2018 01:25 AM
I am not aware of any third party tool, the article that I was referring was :-
Jun 21 2018 10:35 AM
Thank you, yes this one i know but i was more interested in kind of a detailed overview like to which resources the user has access to and what he actively is using from that resources and especially who did invite. Mostly in our Case its is kind of the "Microsoft Invitation Service" or SharePoint Default Guest Invitation Service, so there is no way to see who actually did the invite and to which resources. I believe this is not really transparent with regards to Security.
Oct 02 2018 10:32 AM
@Ueli Zimmermann agrre with you that there is no easy way to get this. In case of SharePoint, there is a cmdlet: Get-SPOExtUser . This cmdlet gives invited by information. But it is not consistent. I see invited by information for some site collections and I dont see it for other site collections. This cmdlet is very buggy.