SOLVED

Can you see where your AAD user has a guest account?


Hi all,

 

I figured out how to see which of my users have guest access for B2B collaboration. I set a filter on the sign-in logs: 'Cross tenant access type -> B2B Collaboration'. But it would be nice if I could see on which tenant the B2B access is granted.

 

Could you see this somewhere?

 

Thanks.

 

Regards,

 

Ricardo

5 Replies
Very interesting question, we can find the complete list of all the external tenants inbound and outbound using the Workbook - https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/workbook-cross-tenant-acc...

However, converting these tenant ID GUIDs seems not straightforward, and I guess that is for security reasons. Why do you want to know the name of the tenant instead of the tenant ID?
Hi Jai Verma, thank you for sharing the workbook! For some audits I would like to know where the identity of the users lives; having tenant names would clarify the activity more.
Here is another way I tried, using my Excel skills:
- Download the sign-in logs
- The sign-in logs have the username and the tenant ID
- Using Excel, extract the domain name from the part of the user's UPN after the @ and its HomeTenantId value, and create a table.
I understand it is not an efficient way, but it is OK to start with.
best response confirmed by vand3rlinden (Brass Contributor)
Solution
Actually the problem is that the SigninLogs table only has HomeTenantId in its schema and not the name of the home tenant; you can find the schema here - https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/SigninLogs

There is a manual way to find the name of the tenant:
- Download the sign-in logs (or parse the logs if you are using a SIEM) and sort them on HomeTenantId.
- For each home tenant ID you will get many sign-in events. Open any event and look at the user's UPN, and you will find the tenant's readable name.

I know it is painful, but it is the only way I can think of.
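The Excel approach and the accepted answer above describe the same manual procedure: filter the sign-in logs to B2B collaboration, group by HomeTenantId, and read the home tenant's verified domain off the UPN. The script below is an added example that is not part of this thread; it runs that procedure over a downloaded sign-in log. The input is a constructed JSON array using the Microsoft Graph `signIn` field names (`userPrincipalName`, `homeTenantId`, `resourceTenantId`, `crossTenantAccessType`), which is an assumption about your export format, and all tenant IDs and domains in it are made up. It also separates inbound from outbound sign-ins: for a guest signing in to your tenant the UPN domain names the guest's home tenant, but for one of your own users signing in to another tenant the external tenant is `resourceTenantId` and the UPN domain is your own, so the trick cannot name it and the report says so.

```python
"""Map B2B collaboration sign-ins to a readable home-tenant name.

Added example, not code from the original thread. The sample export
below is constructed to resemble the JSON download of the sign-in logs
(Graph ``signIn`` field names); field names are an assumption, adjust
them if your export differs (the Log Analytics table uses HomeTenantId,
ResourceTenantId, CrossTenantAccessType, UserPrincipalName instead).
"""
import json

# Assumption: your own tenant ID (made-up value).
OUR_TENANT_ID = "11111111-1111-1111-1111-111111111111"

# Constructed sample: two guests from one external tenant, one guest from
# another, one of our users signing in to a third tenant, one local sign-in.
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "alice@fabrikam.com",
     "homeTenantId": "22222222-2222-2222-2222-222222222222",
     "resourceTenantId": OUR_TENANT_ID,
     "crossTenantAccessType": "b2bCollaboration", "userType": "guest"},
    {"userPrincipalName": "bob@fabrikam.com",
     "homeTenantId": "22222222-2222-2222-2222-222222222222",
     "resourceTenantId": OUR_TENANT_ID,
     "crossTenantAccessType": "b2bCollaboration", "userType": "guest"},
    {"userPrincipalName": "carol@tailspin.onmicrosoft.com",
     "homeTenantId": "33333333-3333-3333-3333-333333333333",
     "resourceTenantId": OUR_TENANT_ID,
     "crossTenantAccessType": "b2bCollaboration", "userType": "guest"},
    {"userPrincipalName": "dave@contoso.com",
     "homeTenantId": OUR_TENANT_ID,
     "resourceTenantId": "44444444-4444-4444-4444-444444444444",
     "crossTenantAccessType": "b2bCollaboration", "userType": "member"},
    {"userPrincipalName": "erin@contoso.com",
     "homeTenantId": OUR_TENANT_ID,
     "resourceTenantId": OUR_TENANT_ID,
     "crossTenantAccessType": "none", "userType": "member"},
])


def upn_domain(upn):
    """Lower-cased domain part of a UPN, or None if there is no '@'."""
    if not upn or "@" not in upn:
        return None
    return upn.rsplit("@", 1)[1].lower()


def classify(event, our_tenant):
    """'inbound' = guest from another tenant signing in here,
    'outbound' = our user signing in to another tenant, else 'local'."""
    if event.get("homeTenantId") and event["homeTenantId"] != our_tenant:
        return "inbound"
    if event.get("resourceTenantId") and event["resourceTenantId"] != our_tenant:
        return "outbound"
    return "local"


def b2b_tenant_report(export_json, our_tenant):
    """Group B2B collaboration sign-ins by external tenant ID.

    For inbound events the UPN domain is a verified domain of the guest's
    home tenant and is collected as its readable name. For outbound events
    the external tenant is resourceTenantId; the UPN domain is ours, so no
    name is collected, only the tenant ID, sign-in count and users.
    """
    report = {}
    for ev in json.loads(export_json):
        if ev.get("crossTenantAccessType") != "b2bCollaboration":
            continue
        direction = classify(ev, our_tenant)
        if direction == "local":
            continue
        ext = ev["homeTenantId"] if direction == "inbound" else ev["resourceTenantId"]
        entry = report.setdefault(
            ext, {"direction": direction, "domains": set(), "users": set(), "signins": 0})
        entry["signins"] += 1
        entry["users"].add(ev.get("userPrincipalName"))
        if direction == "inbound":
            dom = upn_domain(ev.get("userPrincipalName"))
            if dom:
                entry["domains"].add(dom)
    return report


def readable_name(entry):
    """Best-effort name for one report entry; flags the cases the UPN trick
    cannot resolve (outbound, or several verified domains for one tenant)."""
    if entry["direction"] == "outbound":
        return "(outbound: not derivable from UPN, use the tenant ID)"
    doms = sorted(entry["domains"])
    if not doms:
        return "(no UPN domain seen)"
    if len(doms) > 1:
        return " / ".join(doms) + " (multiple verified domains)"
    return doms[0]


if __name__ == "__main__":
    for tenant_id, entry in b2b_tenant_report(SAMPLE_EXPORT, OUR_TENANT_ID).items():
        print(f"{tenant_id}  {entry['direction']:8}  {entry['signins']:3} sign-ins  "
              f"{len(entry['users'])} users  {readable_name(entry)}")
```

Note that the UPN domain is a verified domain of the home tenant, not the tenant's display name, and a tenant can have several verified domains (the report lists all it sees); for a real export, point `SAMPLE_EXPORT` at the downloaded file instead of the constructed array.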


Thank you Jai, this is working! Yes, painful, but working :)