Monitoring partner relationship activity

Hi everybody,

We need to authorise Office 365 tenant access to a partner so that they can implement a Dynamics-based system.

Relationship: Reseller

Admin roles: Global administrator, Helpdesk administrator

The fact that this partner needs global administrator access to the entire tenant is concerning.

From a security viewpoint, is there any way to monitor activity on the tenant by this partner? Maybe under Security & Compliance > Audit Log?

Thanks

Ash

The unified audit log is your best bet here. You can also use PIM and grant an "eligible" GA role, so that every time they need to perform some admin action with said account, someone on your end has to approve the elevation request.

Thanks for your help. I don't think the "eligible" GA role and PIM will work as the partner needs full admin access to the tenant ongoing to allow Dynamics to function.

In regards to the audit log, do you know how to specifically see logged activity by the partner?

best response confirmed by ashmelburnian (Brass Contributor)

They are still performing those admin actions in the context of a user, so just search for events corresponding to said user.

Is there any way to connect a partner connection directly to a specific global admin user account?

Note that if they access the tenant admin console they would be doing so via the MS Partner portal / not entering login details.

Well, they do provide credentials when accessing the partner portal, don't they?

@Vasil Michev That's true. Unfortunately we don't know the username the partner will use, only their domain.

The New-ProtectionAlert cmdlet may work for what I require, however I'm not sure if it can match any.user@partnerdomain.com. The cmdlet might be something like the following, which I'll try to test tomorrow.

New-ProtectionAlert -Name "Partner Tenant Activity" -NotifyUser user@tenantdomain.com -ThreatType Activity -Filter "Activity.TargetUserOrGroupType -like 'partnerdomain.com'"
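
One way to apply the accepted answer when only the partner's domain is known, added here as an example (not code from any participant in the thread): filter unified audit log records by UPN suffix. The sample rows are constructed, the function name Get-PartnerAuditActivity is hypothetical, and it assumes partner actions are logged under UPNs in the partner's domain, as the thread supposes.

```powershell
# Constructed sample rows in the shape of a unified audit log export
# (CreationDate, UserIds, Operations, AuditData). Against a live tenant the
# same properties come back from Search-UnifiedAuditLog -StartDate .. -EndDate ..
$sampleCsv = @'
CreationDate,UserIds,Operations,AuditData
2024-01-10T02:14:00Z,tech1@partnerdomain.com,Add member to role.,"{""Workload"":""AzureActiveDirectory"",""ResultStatus"":""Success"",""ClientIP"":""203.0.113.10""}"
2024-01-10T02:20:00Z,ash@tenantdomain.com,FileAccessed,"{""Workload"":""SharePoint"",""ResultStatus"":""Succeeded"",""ClientIP"":""198.51.100.7""}"
2024-01-10T03:05:00Z,tech2@partnerdomain.com,Set-Mailbox,"{""Workload"":""Exchange"",""ResultStatus"":""True"",""ClientIP"":""203.0.113.11""}"
2024-01-10T03:30:00Z,user@notpartnerdomain.com,UserLoggedIn,"{""Workload"":""AzureActiveDirectory"",""ResultStatus"":""Success"",""ClientIP"":""192.0.2.44""}"
'@

# Hypothetical helper: return one flat row per audit record whose acting
# user belongs to the partner's domain.
function Get-PartnerAuditActivity {
    param(
        [Parameter(Mandatory)] [object[]] $Records,
        [Parameter(Mandatory)] [string]   $PartnerDomain
    )
    # Match on "@domain" as a suffix so look-alike domains that merely end in
    # the same text (notpartnerdomain.com) are not counted as the partner.
    $suffix = '@' + $PartnerDomain
    foreach ($r in $Records) {
        if (-not $r.UserIds) { continue }
        if (-not $r.UserIds.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) { continue }
        # AuditData is a JSON string carrying the per-workload detail.
        $data = $r.AuditData | ConvertFrom-Json
        [pscustomobject]@{
            Time      = $r.CreationDate
            User      = $r.UserIds
            Operation = $r.Operations
            Workload  = $data.Workload
            Result    = $data.ResultStatus
            ClientIP  = $data.ClientIP
        }
    }
}

$records = $sampleCsv | ConvertFrom-Csv
$hits    = Get-PartnerAuditActivity -Records $records -PartnerDomain 'partnerdomain.com'

# Timeline of partner actions, then a per-user count for a quick review.
$hits | Sort-Object Time | Format-Table -AutoSize
$hits | Group-Object User | Select-Object Name, Count
```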

Dear all, have you found a way for customers to monitor and alert on partner activity on their (customers') tenant? FYI - @ashmelburnian @Vasil Michev
