I am using the Azure sign-in REST API to retrieve the Guest user sign-ins in my tenant. However, some of the sign-ins I retrieved show internal users as Guest in the User Type attribute. I also observed that HomeTenantId and ResourceTenantId differ.
Sometimes, when logging in to the Azure AD Portal, the user is signed in to the directory of the previously logged-in tenant. In those cases the TenantId may differ and the userType attribute is shown as Guest. But for SharePoint, I am not sure why the user type is guest.
This is a bit confusing. Any idea why internal users are shown as Guest users?
Request : https://graph.microsoft.com/beta/auditLogs/signIns
Sample Response:
{ "id": "$$$$$$",
"createdDateTime": "2021-08-29T10:22:06Z",
"userDisplayName": "user",
"userPrincipalName": "user@cortana.onmicrosoft.com",
"userId": "$$$$$",
"appId": "08e18876-6177-487e-b8b5-cf950c1e598c",
"appDisplayName": "SharePoint Online Web Client Extensibility",
"ipAddress": "$$$$$$",
"ipAddressFromResourceProvider": null,
"clientAppUsed": "",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36",
"correlationId": "*",
"conditionalAccessStatus": "notApplied",
"originalRequestId": "",
"isInteractive": true,
"tokenIssuerName": "",
"tokenIssuerType": "AzureAD",
"processingTimeInMilliseconds": 173,
"riskDetail": "none",
"riskLevelAggregated": "none",
"riskLevelDuringSignIn": "none",
"riskState": "none",
"riskEventTypes": [],
"riskEventTypes_v2": [],
"resourceDisplayName": "Office 365 SharePoint Online",
"resourceId": "$$$$$$$",
"resourceTenantId": "$$$$$$$$$",
"homeTenantId": "#########",
"authenticationMethodsUsed": [],
"authenticationRequirement": "singleFactorAuthentication",
"alternateSignInName": "", "signInIdentifier": "",
"signInIdentifierType": null,
"servicePrincipalName": null,
"signInEventTypes": ["interactiveUser"],
"servicePrincipalId": "",
"userType": "guest",
"flaggedForReview": false,
"isTenantRestricted": false,
"autonomousSystemNumber": 45609,
"crossTenantAccessType": "b2bCollaboration",
"servicePrincipalCredentialKeyId": null,
"servicePrincipalCredentialThumbprint": "",
"mfaDetail": null,
"status": {
"errorCode": 0,
"failureReason": "Other.",
"additionalDetails": null },
"deviceDetail": {
"deviceId": "",
"displayName": "",
"operatingSystem": "Windows 10",
"browser": "Chrome 92.0.4515",
"isCompliant": false,
"isManaged": false,
"trustType": ""
}, "location": {
"city": "Kallimandayam",
"state": "Tamil Nadu",
"countryOrRegion": "IN",
"geoCoordinates": {
"altitude": null,
"latitude": "",
"longitude": ""
}}, "appliedConditionalAccessPolicies": [],
"authenticationProcessingDetails": [{
"key": "Login Hint Present",
"value": "True" },
{
"key": "User certificate authentication level",
"value": "singleFactorAuthentication" } ],
"networkLocationDetails": [],
"authenticationDetails": [],
"authenticationRequirementPolicies": [],
"sessionLifetimePolicies": [],
"privateLinkDetails": {
"policyId": "",
"policyName": "",
"resourceId": "",
"policyTenantId": "" } }
Thanks in Advance
Regards,
Maerona Wynn