Azure Lighthouse - Transparency of delegated AD group

DaZzLa 61 Reputation points
2022-08-29T09:33:56.793+00:00

Hi,

i have a customer who want's to see which employees are part of the delegated Azure AD group in our management tenant. This is a requirement of the customer for compliance reasons.

Is there any convinient way to achieve this?

My impression is that Lighthouse requires a certain level of trust and has no functionality for a customer to view who is inside the delegated AD group.

BR

Azure Lighthouse
Azure Lighthouse
An Azure service that provides secure managed services and access control for partners and customers.
65 questions
0 comments No comments
{count} votes

Accepted answer
  1. Alan Kinane 16,781 Reputation points MVP
    2022-08-29T09:52:59.11+00:00

    You are correct. What the customer will see is the Security group name(s) on the managing service provider's tenant. They cannot see the names of the members of that security group and there is no way to share these details with inviting the customer in to the service provider's tenant as a guest user and giving them permissions to see the group members - such as a directory reader role.

    I would not recommend this however as customers should not have access to a service provider's tenant. So I agree that a level of trust is required, the customer can see the level of access granted to their Azure resources but they are not entitled to see the names of the individual users with this access.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Andrew Blumhardt 9,491 Reputation points Microsoft Employee
    2022-08-29T12:28:06.727+00:00

    If the employees of the provider performs any actions, you can see the user logged in the Activity log. You can track activity back to the provider employee.

    0 comments No comments