![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 89%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
3,704 questions
According to my experience, if you want to perform cross-tenant access, first need to create an application in your original tenant and grant it application permissions to access sites and sub-sites. Then you need to run the admin consent URL( https://login.microsoftonline.com/{customer tenant id}/adminconsent?client_id={client-id} ) in the browser and log in with the administrator of the target tenant and consent. After that, the application will be added to the target tenant as an enterprise application, and the application will also have the application permissions granted by you in the original tenant. Next, you only need to use the unattended client credential flow to obtain the access token and call the api to obtain the sites and subsites of all customer tenants.
But what I have to say is that because the tenant id of each tenant is different, you may have to run the admin consent URL more than 50 times in the browser to add your application to each customer tenant.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
