Use the Graph API to identify service accounts outside MSIT

Mohammad Kiaei 0 Reputation points Microsoft Employee
2023-11-28T03:56:12.8366667+00:00

Is it possible to use Microsoft Graph API to identify service accounts for other tenants beyond MSIT?

The API query result has a field "onPremisesDistinguishedName" which helps to identify if it's a real user (OU=Users) or a service account (OU=ServiceAccounts). Is there a similar way to identify service accounts for other tenants?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,413 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Md Asif Muztaba 320 Reputation points Microsoft Vendor
    2023-12-18T21:30:39.5033333+00:00

    The Microsoft Graph API provides a way to interact with resources in Microsoft 365, including user accounts and service accounts. However, the ability to identify service accounts for other tenants beyond MSIT may depend on the specific permissions and configurations of those tenants.

    The “onPremisesDistinguishedName” field can indeed help identify if an account is a real user or a service account in the context of an on-premises Active Directory environment. However, this might not be directly applicable for other tenants, especially if they are purely cloud-based or have different organizational unit (OU) structures.

    For other tenants, you might need to use other fields or methods to identify service accounts. This could involve looking at other properties of the user accounts, or it could require additional steps such as registering an app with Microsoft and configuring the appropriate permissions.

    Please note that the specifics can vary greatly depending on the configuration and policies of the individual tenants. Therefore, it’s recommended to refer to the official Microsoft Graph documentation or consult with a Microsoft representative for the most accurate information.

    Remember, any operation that involves accessing or modifying resources in another tenant would require the appropriate permissions and should be done in accordance with all relevant policies and regulations. It’s important to ensure that any such operations respect privacy and security considerations.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    0 comments No comments