Azure AD cross-tenant access settings Preview

Hi All,

Microsoft recently announced the Azure AD cross-tenant access settings Preview:

Collaborate more securely with new cross-tenant access settings

Overview: Cross-tenant access with Azure AD External Identities (Preview)


The settings can be found in Azure Active Directory > External Identities


If you click on "Default settings" and then edit the defaults you will see the details




I find this one of the most interesting Settings. If you have already done MFA in your home Tenant, I can trust that Setting. Something I would recommend, for example.
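
The inbound MFA trust described above can be read back from Microsoft Graph to check which tenants' MFA claims are accepted. The following is an added example, not part of the original post: the function name `Get-InboundTrustReport`, the sample JSON and the placeholder tenant IDs are assumptions made for illustration.

```powershell
# Added example (not from the original post). Function name and sample data are assumptions.
function Get-InboundTrustReport {
    param(
        [Parameter(Mandatory)] $DefaultConfig,   # body of .../crossTenantAccessPolicy/default
        [object[]] $PartnerConfigs = @()         # 'value' array of .../crossTenantAccessPolicy/partners
    )
    $entries = @([pscustomobject]@{ Tenant = 'default'; Trust = $DefaultConfig.inboundTrust; Inherited = $false })
    foreach ($p in $PartnerConfigs) {
        # A partner entry without its own inboundTrust inherits the default settings.
        $own   = $null -ne $p.inboundTrust
        $trust = if ($own) { $p.inboundTrust } else { $DefaultConfig.inboundTrust }
        $entries += [pscustomobject]@{ Tenant = $p.tenantId; Trust = $trust; Inherited = -not $own }
    }
    foreach ($e in $entries) {
        [pscustomobject]@{
            Tenant                = $e.Tenant
            Inherited             = $e.Inherited
            TrustsMfa             = [bool]$e.Trust.isMfaAccepted
            TrustsCompliantDevice = [bool]$e.Trust.isCompliantDeviceAccepted
            TrustsHybridJoined    = [bool]$e.Trust.isHybridAzureADJoinedDeviceAccepted
        }
    }
}

# Constructed sample responses (placeholder tenant IDs) so the report runs offline.
$default = '{"isServiceDefault":true,"inboundTrust":{"isMfaAccepted":false,"isCompliantDeviceAccepted":false,"isHybridAzureADJoinedDeviceAccepted":false}}' | ConvertFrom-Json
$partners = @'
[
  {"tenantId":"00000000-0000-0000-0000-000000000001",
   "inboundTrust":{"isMfaAccepted":true,"isCompliantDeviceAccepted":false,"isHybridAzureADJoinedDeviceAccepted":false}},
  {"tenantId":"00000000-0000-0000-0000-000000000002","inboundTrust":null}
]
'@ | ConvertFrom-Json

Get-InboundTrustReport -DefaultConfig $default -PartnerConfigs $partners | Format-Table -AutoSize

# Against a live tenant (needs the Policy.Read.All scope):
# Connect-MgGraph -Scopes Policy.Read.All
# $base     = 'https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy'
# $default  = Invoke-MgGraphRequest -Method GET -Uri "$base/default"
# $partners = (Invoke-MgGraphRequest -Method GET -Uri "$base/partners").value
```

Rows with `TrustsMfa` set to True are the tenants whose MFA claims satisfy your Conditional Access MFA requirement without a second prompt in your tenant, so that list is worth reviewing periodically.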


There is also a Workbook that shows the cross-tenant Activity


This already gives you a good overview, but if you want to see more details, open up the Log Analytics Query


That's the Query behind the cross-tenant activity Workbook


Microsoft has released a PowerShell Module based on the MGGraph Module

Find-Module MSIdentityTools
Install-Module MSIdentityTools


These are the available Commands of the Module

Get-Command -Module MSIdentityTools


With the following Commands you should be able to see the Names of the Tenants (ResolveTenantId) - but it does not work here. Any hints?

Connect-MGGraph -Scope AuditLog.Read.All
Select-MgProfile -Name beta
Get-MSIDCrossTenantAccessActivity -SummaryStats -ResolveTenantId



Update 07.04.2022
Branko Sabadi found out that you require the following Scope: CrossTenantInformation.ReadBasic.All
But it only works in PowerShell 7, as you can see.





Connect-MgGraph -Scopes AuditLog.Read.All,CrossTenantInformation.ReadBasic.All
Select-MgProfile -Name "beta"
Resolve-MsIdTenant -TenantId 2e467102-8204-4e70-a8b6-11272c26e761



Connect-MgGraph -Scopes AuditLog.Read.All,CrossTenantInformation.ReadBasic.All
Get-MSIDCrossTenantAccessActivity -SummaryStats -ResolveTenantId




Connect-MgGraph -Scopes AuditLog.Read.All,CrossTenantInformation.ReadBasic.All
Resolve-MsIdTenant -TenantId 815d4e96-e3a0-41eb-9183-2fea315f3277



Regards
Andres