An unknown user created a year ago was automatically added to the newly created AzureAD/365 tenant.

Allan Stark 411 Reputation points

I created a new empty AzureAD/365 tenant and linked an external existing "" domain to it.
After 15 minutes, a new user with upn like "" appeared in the tenant in this (external) domain with the creation date 2/12/2019.

This strange user has been automatically issued an "App Connect" license.
There is absolutely nothing in the Sign-Ins, only logins under my account and basic operations for setting up a new tenant.
In the Audit logs I see "Add member to group" event for this user with "Microsoft Teams Services" in Type Application and "User-Agent SkypeSpaces/1.0a$*+" in Additional Details.

What is it and why did this user auto-add happen?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,721 questions
No comments
{count} votes

Accepted answer
  1. Allan Stark 411 Reputation points

    Got answer from MS Support.
    It's a known behavior of self-service sign-up, when somebody in the past created Skype or Teams account with email verified.

    As for me, it's looks like the hole in the security... Because you can sell your dns domain, which once had a mail service, on-prem or in another cloud.
    Then someone who buys this domain from you will find "new" auto-created active accounts after it is linked that domain to a AzureAD/365 tenant.

    No comments

0 additional answers

Sort by: Most helpful