SOLVED

Find all users in my tenant who are invited as guest in another tenant

Brass Contributor

Hello,


As the discussion subject states, I would like to know which users in my own tenant are invited into other tenants as guest users (e.g. invited to other tenants' teams).

Is there any option to find that out?


The background is that we need to find that out in a shadow (unmanaged) tenant before deleting that tenant and starting with a new managed tenant.


best regards

5 Replies
Hello @GottfriedJocham, I am looking into this and let me get back to you on this.
best response confirmed by Gottfried Jocham (Brass Contributor)
Solution

Hello @GottfriedJocham, I did some lookup and it looks like what you can do here is call the following REST API "https://management.azure.com/tenants?api-version=2020-01-01" and get a list of the tenants that a user is a part of (in other words, where the user is added as a guest user). One thing to note here is that this API requires a delegated permission (user permission), and how it works is that it would only show the tenants of the user who is currently logged in and called this API with an access token that was issued on behalf of that user.


For example: if User-A logs in to your app that calls this API, then after User-A logs in, AAD issues an access token to the app on behalf of User-A. When the app uses that access token and calls the API "https://management.azure.com/tenants?api-version=2020-01-01", then all the tenants that User-A is part of (added as a guest user) would get listed.

To read more on this API, please refer to: https://docs.microsoft.com/en-us/rest/api/resources/tenants/list
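The call described in this answer, as an added example that is not part of the original post or of any Microsoft sample: it pages through the Tenants - List response (`value` / `nextLink`, `tenantId` per entry, as documented for the API above) and keeps every tenant other than the user's home tenant, i.e. the tenants where this user holds a guest account. It assumes a delegated access token for `https://management.azure.com/` was already obtained on behalf of the signed-in user (for instance with MSAL); the `fetch` parameter and the sample pages are constructed so the paging logic can be run offline.

```python
"""List the foreign tenants a signed-in user belongs to via the ARM Tenants - List API."""
import json
import urllib.request

TENANTS_URL = "https://management.azure.com/tenants?api-version=2020-01-01"


def fetch_json(url, access_token):
    """GET a URL with the user's delegated bearer token and return the decoded JSON body."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def list_guest_tenants(access_token, home_tenant_id, fetch=fetch_json):
    """Return the tenant IDs (excluding the home tenant) the token's user can sign in to.

    Follows the documented 'nextLink' paging field. As the answer notes, the result
    only covers the user the token was issued for, so this runs once per user.
    'fetch' is injectable so the logic can be exercised with canned responses.
    """
    guest_tenants = []
    url = TENANTS_URL
    while url:
        page = fetch(url, access_token)
        for tenant in page.get("value", []):
            tid = tenant.get("tenantId")
            if tid and tid.lower() != home_tenant_id.lower():
                guest_tenants.append(tid)
        url = page.get("nextLink")  # absent on the last page
    return guest_tenants


# Constructed sample data: two pages shaped like the real API response (hypothetical GUIDs).
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
PAGE2_URL = TENANTS_URL + "&$skiptoken=page2"
SAMPLE_PAGES = {
    TENANTS_URL: {
        "value": [{"id": "/tenants/" + HOME_TENANT, "tenantId": HOME_TENANT},
                  {"id": "/tenants/22222222-2222-2222-2222-222222222222",
                   "tenantId": "22222222-2222-2222-2222-222222222222"}],
        "nextLink": PAGE2_URL,
    },
    PAGE2_URL: {"value": [{"id": "/tenants/33333333-3333-3333-3333-333333333333",
                           "tenantId": "33333333-3333-3333-3333-333333333333"}]},
}


def fake_fetch(url, _access_token):
    """Offline stand-in for fetch_json that serves the constructed pages."""
    return SAMPLE_PAGES[url]


if __name__ == "__main__":
    print(list_guest_tenants("dummy-token", HOME_TENANT, fetch=fake_fetch))
```

Against a real token, call `list_guest_tenants(token, HOME_TENANT)` and collect the output per user before decommissioning the unmanaged tenant.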

Thank you @souravmishra-msft!
In other words, I need to develop an app that calls that API with the user's delegated permission, or am I wrong?
This requires each user to call my app once, or did I misunderstand something here?


best regards

Gottfried

@GottfriedJocham, you are absolutely correct.
If anyone else is struggling with the same issue, I found the following blog post really useful:
https://chris-brumm.medium.com/outbound-aad-b2b-discovery-788b471ba677
It seems that the sign-in logs of AAD and Log Analytics can help in that case.