Query Details
Identity Visualize Inboundvs Outbound Guests
Query
//Visualize inbound Azure AD guests (other tenants connecting to your tenant) vs outbound (your users connecting to other tenants)
//Data connector required for this query - Azure Active Directory - Signin Logs
SigninLogs
| where TimeGenerated > ago (30d)
| where UserType == "Guest"
| where ResultType == 0
| summarize
['Inbound Guests']=countif(AADTenantId != HomeTenantId and HomeTenantId != ResourceTenantId),
['Outbound Guests']=countif(AADTenantId == HomeTenantId and ResourceTenantId != AADTenantId)
by bin(TimeGenerated, 1d)
| render timechart with (title="Inbound Guest vs Outbound Guest Access", ytitle="Number of connections")Explanation
This query analyzes the inbound and outbound connections between tenants in Azure Active Directory. It uses the SigninLogs data connector and filters the data for the past 30 days. It then counts the number of inbound and outbound guest users, based on specific conditions. The results are summarized and visualized in a timechart, showing the number of connections over time. The chart is titled "Inbound Guest vs Outbound Guest Access" and the y-axis represents the number of connections.
Details
Matt Zorich
Released: June 17, 2022
Tables
SigninLogs
Keywords
SigninLogs,TimeGenerated,UserType,ResultType,AADTenantId,HomeTenantId,ResourceTenantId
Operators
whereago==andsummarizecountif!=binbyrender