Apr 30 2020 05:35 PM - last edited on Apr 01 2022 12:15 PM by TechCommunityAP
Hi everybody,
We need to authorise Office 365 tenant access to a partner so that they can implement a Dynamics-based system.
Relationship: Reseller
Admin roles: Global administrator, Helpdesk administrator
The fact that this partner needs global administrator access to the entire tenant is concerning.
From a security viewpoint, is there any way to monitor activity on the tenant by this partner? Maybe under Security & Compliance > Audit Log?
Thanks
Ash
Apr 30 2020 11:52 PM
The unified audit log is your best bet here. You can also use PIM and grant an "eligible" GA role, so that every time they need to perform some admin action with said account, someone on your end has to approve the elevation request.
May 03 2020 03:55 PM
May 04 2020 08:02 AM
Solution: They are still performing those admin actions in the context of a user, so just search for events corresponding to said user.
May 04 2020 06:19 PM
May 04 2020 11:54 PM
Well they do provide credentials when accessing the partner portal, don't they?
May 05 2020 10:31 PM
@Vasil Michev That's true. Unfortunately we don't know the username the partner will use, only their domain.
The New-ProtectionAlert cmdlet may work for what I require, however I'm not sure if it can match any.user@partnerdomain.com. The cmdlet might be something like the following which I'll try to test tomorrow.
New-ProtectionAlert -Name "Partner Tenant Activity" -NotifyUser user@tenantdomain.com -ThreatType Activity -Filter "Activity.TargetUserOrGroupType -like 'partnerdomain.com'"
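The audit-log search suggested earlier in the thread, for the case where only the partner's domain is known, as an added example that was not posted by anyone in the thread. It assumes the partner's actions are logged under a UPN ending in the partner's domain; the function name Get-PartnerAuditActivity and the sample records are constructed for illustration.

```powershell
# Added example: pick out unified audit log records whose acting user belongs
# to a partner domain. The record shape follows Search-UnifiedAuditLog output
# (CreationDate, UserIds, Operations, AuditData as a JSON string).
function Get-PartnerAuditActivity {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object] $Record,
        [Parameter(Mandatory)] [string] $PartnerDomain
    )
    begin {
        # Anchor on '@' + domain + end of string so that lookalikes such as
        # 'user@notpartnerdomain.com' or 'user@partnerdomain.com.example' are
        # not reported as partner activity.
        $pattern = '@' + [regex]::Escape($PartnerDomain) + '$'
    }
    process {
        if ($Record.UserIds -notmatch $pattern) { return }   # case-insensitive
        $data = $Record.AuditData | ConvertFrom-Json
        [pscustomobject]@{
            Time      = $Record.CreationDate
            User      = $Record.UserIds
            Operation = $Record.Operations
            Workload  = $data.Workload
            ClientIP  = $data.ClientIP
        }
    }
}

# Constructed sample records (not real log data); IPs are documentation ranges.
$sample = @(
    [pscustomobject]@{ CreationDate = '2020-05-05 01:12:00'; UserIds = 'any.user@partnerdomain.com'
        Operations = 'Add member to role.'
        AuditData  = '{"Workload":"AzureActiveDirectory","ClientIP":"203.0.113.10"}' }
    [pscustomobject]@{ CreationDate = '2020-05-05 01:20:00'; UserIds = 'ash@tenantdomain.com'
        Operations = 'UserLoggedIn'
        AuditData  = '{"Workload":"AzureActiveDirectory","ClientIP":"198.51.100.7"}' }
    [pscustomobject]@{ CreationDate = '2020-05-05 02:03:00'; UserIds = 'Other.User@PartnerDomain.com'
        Operations = 'Set-Mailbox'
        AuditData  = '{"Workload":"Exchange","ClientIP":"203.0.113.11"}' }
    [pscustomobject]@{ CreationDate = '2020-05-05 02:30:00'; UserIds = 'user@notpartnerdomain.com'
        Operations = 'UserLoggedIn'
        AuditData  = '{"Workload":"AzureActiveDirectory","ClientIP":"192.0.2.44"}' }
)

# Returns the first and third records only.
$sample | Get-PartnerAuditActivity -PartnerDomain 'partnerdomain.com' | Format-Table

# Against a live tenant (needs an Exchange Online PowerShell session):
# Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) -ResultSize 5000 |
#     Get-PartnerAuditActivity -PartnerDomain 'partnerdomain.com'
```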
Nov 11 2021 03:20 PM
Dear All, have you found a way for customers to monitor and alert partner activity on their (customers') tenant? FYI - @ashmelburnian @Vasil Michev
Feb 15 2022 09:48 AM