An unknown user created a year ago was automatically added to the newly created AzureAD/365 tenant.

Allan Stark 411 Reputation points
2021-04-26T11:09:29.04+00:00

I created a new empty AzureAD/365 tenant and linked an external existing "external-domain.com" domain to it.
After 15 minutes, a new user with upn like "username@external-domain.com" appeared in the tenant in this (external) domain with the creation date 2/12/2019.

This strange user has been automatically issued an "App Connect" license.
There is absolutely nothing in the Sign-Ins, only logins under my account and basic operations for setting up a new tenant.
In the Audit logs I see "Add member to group" event for this user with "Microsoft Teams Services" in Type Application and "User-Agent SkypeSpaces/1.0a$*+" in Additional Details.

What is it and why did this user auto-add happen?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,721 questions
No comments
{count} votes

Accepted answer
  1. Allan Stark 411 Reputation points
    2021-04-27T13:26:02.297+00:00

    Got answer from MS Support.
    It's a known behavior of self-service sign-up, when somebody in the past created Skype or Teams account with email verified.

    https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-self-service-signup#terms-and-definitions

    As for me, it's looks like the hole in the security... Because you can sell your dns domain, which once had a mail service, on-prem or in another cloud.
    Then someone who buys this domain from you will find "new" auto-created active accounts after it is linked that domain to a AzureAD/365 tenant.

    No comments

0 additional answers

Sort by: Most helpful