blog.icewolf.ch

Let's talk about IT!

Azure AD cross-tenant access settings Preview

Hi All,

Microsoft recently announced the Azure AD cross-tenant access settings Preview:

Collaborate more securely with new cross-tenant access settings

Overview: Cross-tenant access with Azure AD External Identities (Preview)


The settings can be found in Azure Active Directory > External Identities


If you click on "Default settings" and then edit the defaults you will see the details




I find this one of the most interesting Settings. If you have already done MFA in your home Tenant - I can trust that Setting. Something I would recommend for example.


There is also a Workbook that shows the cross-tenant Activity


This already gives you a good overview - but if you want to see more details, open up the Log Analytics Query.


That's the Query behind the cross-tenant activity Workbook


Microsoft has released a PowerShell Module based on the MGGraph Module

Find-Module MSIdentityTools
Install-Module MSIdentityTools


These are the available Commands of the Module

Get-Command -Module MSIdentityTools


With the following Commands you should be able to see the Names of the Tenant (ResolveTenantId) - but it does not work here. Any hints?

Connect-MGGraph -Scope AuditLog.Read.All
Select-MgProfile -Name beta
Get-MSIDCrossTenantAccessActivity -SummaryStats -ResolveTenantId



Update 07.04.2022
Branko Sabadi found out that you require the following Scope: CrossTenantInformation.ReadBasic.All
But it only works in PowerShell 7, as you can see.





Connect-MgGraph -Scopes AuditLog.Read.All,CrossTenantInformation.ReadBasic.All
Select-MgProfile -Name "beta"
Resolve-MsIdTenant -TenantId 2e467102-8204-4e70-a8b6-11272c26e761



Connect-MgGraph -Scopes AuditLog.Read.All,CrossTenantInformation.ReadBasic.All
Get-MSIDCrossTenantAccessActivity -SummaryStats -ResolveTenantId




Connect-MgGraph -Scopes AuditLog.Read.All,CrossTenantInformation.ReadBasic.All
Resolve-MsIdTenant -TenantId 815d4e96-e3a0-41eb-9183-2fea315f3277
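
An added example, not part of the original post and not the MSIdentityTools implementation: the kind of per-tenant summary the workbook and Get-MSIDCrossTenantAccessActivity -SummaryStats report, computed offline so you can see which external tenants are involved before changing the default settings. The sign-in records and tenant IDs are constructed, the property names (HomeTenantId, ResourceTenantId, Status.ErrorCode) are assumptions modelled on the beta signIn resource, and the function names are hypothetical.

```powershell
# Added example. Records are constructed; property names are modelled on the
# beta signIn resource (assumption); tenant IDs are placeholders.
$OwnTenantId = '11111111-1111-1111-1111-111111111111'
$PartnerA    = '22222222-2222-2222-2222-222222222222'
$PartnerB    = '33333333-3333-3333-3333-333333333333'

# Hypothetical helper that builds one constructed sign-in record.
function New-SampleSignIn ($Upn, $HomeTenant, $ResourceTenant, $ErrorCode) {
    [pscustomobject]@{
        UserPrincipalName = $Upn
        HomeTenantId      = $HomeTenant
        ResourceTenantId  = $ResourceTenant
        Status            = [pscustomobject]@{ ErrorCode = $ErrorCode }
    }
}
$SampleSignIns = @(
    New-SampleSignIn 'alice@own.example'     $OwnTenantId $PartnerA    0      # outbound
    New-SampleSignIn 'alice@own.example'     $OwnTenantId $PartnerA    0      # outbound
    New-SampleSignIn 'bob@own.example'       $OwnTenantId $PartnerA    50076  # outbound, failed
    New-SampleSignIn 'carol@partner.example' $PartnerB    $OwnTenantId 0      # inbound
    New-SampleSignIn 'dave@own.example'      $OwnTenantId $OwnTenantId 0      # same tenant
)

function Get-CrossTenantSummary {
    param(
        [Parameter(Mandatory)] [object[]] $SignIn,
        [Parameter(Mandatory)] [string]   $OwnTenantId
    )
    $rows = foreach ($s in $SignIn) {
        if ($s.HomeTenantId -eq $s.ResourceTenantId) { continue }  # not cross-tenant
        if ($s.HomeTenantId -eq $OwnTenantId) {
            $direction = 'Outbound'; $external = $s.ResourceTenantId
        } elseif ($s.ResourceTenantId -eq $OwnTenantId) {
            $direction = 'Inbound';  $external = $s.HomeTenantId
        } else { continue }                                        # unrelated record
        [pscustomobject]@{
            Direction = $direction; ExternalTenantId = $external
            User = $s.UserPrincipalName; Failed = ($s.Status.ErrorCode -ne 0)
        }
    }
    # One output row per direction and external tenant.
    $rows | Group-Object Direction, ExternalTenantId | ForEach-Object {
        [pscustomobject]@{
            Direction        = $_.Group[0].Direction
            ExternalTenantId = $_.Group[0].ExternalTenantId
            SignIns          = $_.Count
            UniqueUsers      = @($_.Group.User | Sort-Object -Unique).Count
            FailedSignIns    = @($_.Group | Where-Object Failed).Count
        }
    } | Sort-Object Direction, ExternalTenantId
}

Get-CrossTenantSummary -SignIn $SampleSignIns -OwnTenantId $OwnTenantId | Format-Table -AutoSize
```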



Regards
Andres


posted on Sunday, February 20, 2022 10:53 AM | Filed Under [ Azure ]
