A user that does not exist in your tenant has made changes in your tenant - ToddMaxey/Technical-Documentation GitHub Wiki

Issue:

You have noticed in your Azure audit logs one or more actions that were performed by a user who does not exist in your tenant.

Cause:

You obtained your tenant through a Microsoft Partner reseller. The partner can act in its customers' tenants through the ResellerPartnerDelegationAdmin. This establishes a Foreign Principal in the customer's tenant, with roles mapped in that tenant.

A Foreign Principal in Azure is similar to the Foreign Security Principal (FSP) in Active Directory (AD). In AD, an FSP is an object created by the Active Directory system to represent a security principal in a trusted external forest.

Determination:

To determine whether a Foreign Principal is attached to your tenant and what access it has been granted, you can use PowerShell.

PowerShell:

Get-AzRoleAssignment | Where-Object {$_.DisplayName -like 'Foreign*'}
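
The command above only reports on the subscription in the current Az context. The following is an added example, not part of the original wiki page, that runs the same filter across every enabled subscription the signed-in account can see and records the role and scope of each match. It assumes the Az.Accounts and Az.Resources modules are installed and that Connect-AzAccount has already been run; the variable names and the CSV file name are illustrative.

```powershell
# Added example (not from the original wiki page).
# Assumes Az.Accounts and Az.Resources are installed and Connect-AzAccount has been run.

$findings = foreach ($sub in Get-AzSubscription | Where-Object { $_.State -eq 'Enabled' }) {
    # Get-AzRoleAssignment works against the subscription in the current context,
    # so switch context before querying each one.
    $null = Set-AzContext -Subscription $sub.Id -Tenant $sub.TenantId

    Get-AzRoleAssignment |
        Where-Object { $_.DisplayName -like 'Foreign*' } |
        ForEach-Object {
            # Keep only the fields needed to judge what access was granted and where.
            [pscustomobject]@{
                Subscription = $sub.Name
                DisplayName  = $_.DisplayName
                Role         = $_.RoleDefinitionName
                Scope        = $_.Scope
                ObjectType   = $_.ObjectType
                ObjectId     = $_.ObjectId
            }
        }
}

if (-not $findings) {
    Write-Output 'No Foreign Principal role assignments found in the visible subscriptions.'
}
else {
    # Show the results on screen, grouped by subscription and scope.
    $findings | Sort-Object Subscription, Scope | Format-Table -AutoSize -Wrap

    # Keep a copy alongside the audit log entries that prompted the check.
    $findings | Export-Csv -Path .\foreign-principal-assignments.csv -NoTypeInformation
}
```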