Forum Discussion
Find all users in my tenant who are invited as guest in another tenant
Hello,
as the discussion subject states, I would like to know which users in my own tenant are invited into other tenants as guest users (e.g. invited into other tenants' teams).
Is there any option to find that out?
The background is that we need to find that out in a shadow (unmanaged) tenant before deleting that tenant and starting with a new managed tenant.
Best regards
5 Replies
- gojo12
Brass Contributor
If anyone else is struggling with the same issue, I found the following blog post really useful.
https://chris-brumm.medium.com/outbound-aad-b2b-discovery-788b471ba677
It seems that the sign-in logs of AAD and Log Analytics can help in that case.
- souravmishra-msft
Microsoft
Hello @GottfriedJocham, I am looking into this; let me get back to you on this.
- souravmishra-msft
Microsoft
Hello @GottfriedJocham, I did some lookup and it looks like what you can do here is call the following REST API "https://management.azure.com/tenants?api-version=2020-01-01" and get the list of the tenants that a user is a part of (in other words, where the user is added as a guest user). One thing to note here is that this API requires a delegated permission (user permission), and how it works is that it only shows the tenants of the user who is currently logged in and called this API with an access token that was issued on behalf of that user.
For example: if User-A logs in to your app that calls this API, then after User-A logs in, AAD issues an access token to the app on behalf of User-A. When the app uses that access token and calls the API "https://management.azure.com/tenants?api-version=2020-01-01", then all the tenants that User-A is part of (added as a guest user) get listed.
To read more on this API, please refer to: https://docs.microsoft.com/en-us/rest/api/resources/tenants/list
- gojo12
Brass Contributor
Thank you souravmishra-msft!
In other words, I need to develop an app that calls that API with the user's delegated permission, or am I wrong?
This requires each user to call my app once, or did I misunderstand something here?
Best regards
Gottfried
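The API call described in souravmishra-msft's reply, as an added example that is not part of the original thread: it pages through the tenant list for the user a delegated token was issued to and returns every tenant other than the home tenant. The function names, the injectable `opener` parameter and the sample tenants are assumptions made for illustration; `displayName` and `defaultDomain` are taken to be present in the response as in the linked API reference.

```python
import json
import urllib.request
from urllib.parse import urlsplit

TENANTS_URL = "https://management.azure.com/tenants?api-version=2020-01-01"

def fetch_tenant_pages(access_token, opener=urllib.request.urlopen):
    """Yield every page of the tenant list for the user the token was issued for."""
    url = TENANTS_URL
    while url:
        parts = urlsplit(url)
        # Never forward the bearer token to a host other than ARM.
        if parts.scheme != "https" or parts.hostname != "management.azure.com":
            raise ValueError(f"refusing to send token to {url!r}")
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})
        with opener(req) as resp:
            page = json.load(resp)
        yield page
        url = page.get("nextLink")  # present only when more pages follow

def foreign_tenants(pages, home_tenant_id):
    """Return the tenants in `pages` other than the user's home tenant."""
    home = home_tenant_id.lower()
    found = {}
    for page in pages:
        for entry in page.get("value", []):
            tid = entry.get("tenantId", "").lower()
            if tid and tid != home:
                found[tid] = {"tenantId": tid,
                              "displayName": entry.get("displayName"),
                              "defaultDomain": entry.get("defaultDomain")}
    return [found[tid] for tid in sorted(found)]

# Constructed sample data (not real tenants): one home tenant, two others.
HOME = "11111111-1111-1111-1111-111111111111"
SAMPLE_PAGES = [
    {"value": [
        {"tenantId": HOME, "displayName": "Home Org", "defaultDomain": "home.example"},
        {"tenantId": "33333333-3333-3333-3333-333333333333",
         "displayName": "Partner B", "defaultDomain": "partner-b.example"}],
     "nextLink": TENANTS_URL + "&$skiptoken=constructed"},
    {"value": [
        {"tenantId": "22222222-2222-2222-2222-222222222222",
         "displayName": "Partner A", "defaultDomain": "partner-a.example"}]},
]

if __name__ == "__main__":
    for t in foreign_tenants(SAMPLE_PAGES, HOME):
        print(t["tenantId"], t["displayName"], t["defaultDomain"])
```

With a real token, pass `fetch_tenant_pages(token)` as the `pages` argument; the result covers only the signed-in user, so a tenant-wide inventory needs one run per user.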