Azure AD cross-tenant access settings Preview
Hi All,
Microsoft recently announced the Azure AD cross-tenant access settings Preview
Collaborate more securely with new cross-tenant access settings
Overview: Cross-tenant access with Azure AD External Identities (Preview)
![](https://icewolffile.blob.core.windows.net/$web/202202/AAD_CrossTenantAccessSettings_00.jpg)
The settings can be found in Azure Active Directory > External Identities
![](https://icewolffile.blob.core.windows.net/$web/202202/AAD_CrossTenantAccessSettings_01.jpg)
If you click on "Default settings" and then edit the defaults, you will see the details.
![](https://icewolffile.blob.core.windows.net/$web/202202/AAD_CrossTenantAccessSettings_02.jpg)
![](https://icewolffile.blob.core.windows.net/$web/202202/AAD_CrossTenantAccessSettings_03.jpg)
![](https://icewolffile.blob.core.windows.net/$web/202202/AAD_CrossTenantAccessSettings_04.jpg)
I find this one of the most interesting settings. If you have already done MFA in your home tenant, I can trust that setting. Something I would recommend, for example.
![](https://icewolffile.blob.core.windows.net/$web/202202/AAD_CrossTenantAccessSettings_05.jpg)
There is also a Workbook that shows the cross-tenant Activity
![](https://icewolffile.blob.core.windows.net/$web/202202/AAD_CrossTenantAccessSettings_07.jpg)
This already gives you a good overview, but if you want to see more details, open up the Log Analytics query.
![](https://icewolffile.blob.core.windows.net/$web/202202/AAD_CrossTenantAccessSettings_08.jpg)
That's the Query behind the cross-tenant activity Workbook
![](https://icewolffile.blob.core.windows.net/$web/202202/AAD_CrossTenantAccessSettings_09.jpg)
Microsoft has released a PowerShell Module based on the MGGraph Module
Find-Module MSIdentityTools
Install-Module MSIdentityTools
![](https://icewolffile.blob.core.windows.net/$web/202202/AAD_CrossTenantAccessSettings_10.jpg)
These are the available Commands of the Module
Get-Command -Module MSIdentityTools
![](https://icewolffile.blob.core.windows.net/$web/202202/AAD_CrossTenantAccessSettings_11.jpg)
With the following commands you should be able to see the names of the tenant (ResolveTenantId), but it does not work here. Any hints?
Connect-MGGraph -Scope AuditLog.Read.All
Select-MgProfile -Name beta
Get-MSIDCrossTenantAccessActivity -SummaryStats -ResolveTenantId
![](https://icewolffile.blob.core.windows.net/$web/202202/AAD_CrossTenantAccessSettings_12.jpg)
Update 07.04.2022
Branko Sabadi found out that you require the following Scope: CrossTenantInformation.ReadBasic.All
But it only works in PowerShell 7 as you can see
![](https://icewolffile.blob.core.windows.net/$web/202202/AAD_CrossTenantAccessSettings_13.jpg)
![](https://icewolffile.blob.core.windows.net/$web/202202/AAD_CrossTenantAccessSettings_14.jpg)
Connect-MgGraph -Scopes AuditLog.Read.All,CrossTenantInformation.ReadBasic.All
Select-MgProfile -Name "beta"
Resolve-MsIdTenant -TenantId 2e467102-8204-4e70-a8b6-11272c26e761
![](https://icewolffile.blob.core.windows.net/$web/202202/AAD_CrossTenantAccessSettings_15.jpg)
Connect-MgGraph -Scopes AuditLog.Read.All,CrossTenantInformation.ReadBasic.All
Get-MSIDCrossTenantAccessActivity -SummaryStats -ResolveTenantId
![](https://icewolffile.blob.core.windows.net/$web/202202/AAD_CrossTenantAccessSettings_16.jpg)
Connect-MgGraph -Scopes AuditLog.Read.All,CrossTenantInformation.ReadBasic.All
Resolve-MsIdTenant -TenantId 815d4e96-e3a0-41eb-9183-2fea315f3277
![](https://icewolffile.blob.core.windows.net/$web/202202/AAD_CrossTenantAccessSettings_17.jpg)
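A per-tenant view of cross-tenant activity can also be built offline from exported sign-in records. This is an added example, not code from the original post or from MSIdentityTools. The function name Get-CrossTenantSummary is hypothetical, the column names are assumed to match the Log Analytics SigninLogs table (HomeTenantId, ResourceTenantId, UserPrincipalName, ResultType), and all tenant IDs and records are constructed sample data.

```powershell
# Added example: summarise cross-tenant sign-ins per external tenant.
function Get-CrossTenantSummary {
    param(
        [Parameter(Mandatory)] [string]   $MyTenantId,  # tenant whose logs are analysed
        [Parameter(Mandatory)] [object[]] $SignIn       # exported sign-in records
    )
    $SignIn |
        # A sign-in is cross-tenant when home and resource tenant differ.
        Where-Object { $_.HomeTenantId -ne $_.ResourceTenantId } |
        ForEach-Object {
            # Outbound: our users access another tenant.
            # Inbound: external users access resources in our tenant.
            $outbound = $_.HomeTenantId -eq $MyTenantId
            [pscustomobject]@{
                Direction        = if ($outbound) { 'Outbound' } else { 'Inbound' }
                ExternalTenantId = if ($outbound) { $_.ResourceTenantId } else { $_.HomeTenantId }
                User             = $_.UserPrincipalName
                Success          = $_.ResultType -eq '0'   # assumption: '0' means success
            }
        } |
        Group-Object Direction, ExternalTenantId |
        ForEach-Object {
            [pscustomobject]@{
                Direction        = $_.Group[0].Direction
                ExternalTenantId = $_.Group[0].ExternalTenantId
                SignIns          = $_.Count
                Failed           = @($_.Group | Where-Object { -not $_.Success }).Count
                DistinctUsers    = @($_.Group.User | Sort-Object -Unique).Count
            }
        } |
        Sort-Object Direction, @{ Expression = 'SignIns'; Descending = $true }
}

# Constructed sample data (placeholder tenant IDs and users).
$me = '00000000-0000-0000-0000-000000000001'   # own tenant
$a  = '00000000-0000-0000-0000-00000000000a'   # partner tenant A
$b  = '00000000-0000-0000-0000-00000000000b'   # partner tenant B
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@own.example'; HomeTenantId = $me; ResourceTenantId = $a;  ResultType = '0' }
    [pscustomobject]@{ UserPrincipalName = 'alice@own.example'; HomeTenantId = $me; ResourceTenantId = $a;  ResultType = '50076' }
    [pscustomobject]@{ UserPrincipalName = 'bob@own.example';   HomeTenantId = $me; ResourceTenantId = $a;  ResultType = '0' }
    [pscustomobject]@{ UserPrincipalName = 'carol@b.example';   HomeTenantId = $b;  ResourceTenantId = $me; ResultType = '0' }
    [pscustomobject]@{ UserPrincipalName = 'dave@own.example';  HomeTenantId = $me; ResourceTenantId = $me; ResultType = '0' }
)

Get-CrossTenantSummary -MyTenantId $me -SignIn $sample | Format-Table -AutoSize
```

The external tenant IDs in the result can then be looked up with Resolve-MsIdTenant as shown above.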
Regards
Andres