1 Vote
StephanvanRooij-6273 asked

List tenants for current user without user_impersonation on Azure management API

I'm looking for a way to access a list of tenants for the current user, so the home tenant and tenants where he/she is invited as a guest.

I know of the existence of List Tenants in the Azure management API, but that API only has ONE scope, namely 'user_impersonation'. This is a bad thing for several reasons:

  1. Users probably won't allow our application to control their entire Azure subscriptions

  2. If an admin would allow us access to this scope, it could lead to some really bad stuff happening (account takeover, removing all items from their Azure subscription, just to name a few)

This is also described here: https://stackoverflow.com/questions/60461875/azure-resource-management-api-without-user-impersonation-is-it-possible

https://docs.microsoft.com/en-us/rest/api/resources/tenants/list

It would be great if this would come on the radar of the Graph development team. It would be great if there was a way in the Graph API to just list the tenants a user is a member of with either a Tenants.Read scope (new), or to be able to access this information with the 'User.Read' or 'profile' scope.

Our use case also doesn't need all the details as provided by the Azure Resource API; the Id, Name and Home/Guest fields would suffice.
Something like:

 [
   {
     "id": "896a4689-1e14-4572-9375-028c2449d145",
     "name": "Tenant A",
     "userTenant": "Home"
   },
   {
     "id": "f4af3776-fb13-470f-86ae-1c185a4c2e63",
     "name": "Tenant b",
     "userTenant": "Guest"
   },
   {
     "id": "ae287e2c-979e-4590-a51a-729f42adbbe2",
     "name": "Tenant C",
     "userTenant": "Guest"
   }
 ]



I also asked this question on Twitter, where the Azure Support team referred me to this page.

microsoft-graph-general

1 Vote
StephanvanRooij-6273 answered

We posted a feature request https://techcommunity.microsoft.com/t5/microsoft-365-developer-platform/graph-api-tenant-list-for-user/idi-p/2465710

That doesn't mean this question is solved, but I hope it's getting the attention it deserves.


0 Votes
Deva-MSFT answered

Please file the feature request so that it can be considered to be implemented.



0 Votes
DeepSingh-3511 answered

Any updates on this? :)
