[CoE Starter Kit - BUG] Cross-tenant Isolation connection references still not working

[zellos13]

Does this bug already exist in our backlog?

• I have checked and confirm this is a new bug.

Describe the issue

Hello,

We've updated the CoE Starter Kit. We are now working on a June version. Everything is working fine except the cross-tenant isolation report.

We've set up the environment variable, and it's configured:

In our CoE Starter Kit - all new connection references are marked as cross-tenant:

In the screenshot, I've hidden the names, but these are our - internal domains included in the environment variable but they are still marked as cross-tenant. Can you tell me why?

Expected Behavior

No response

What solution are you experiencing the issue with?

Core

What solution version are you using?

Core 4.31

What app or flow are you having the issue with?

Cross-tenant isolation report

What method are you using to get inventory and telemetry?

None

Steps To Reproduce

No response

Anything else?

No response

[Jenefer-Monroe]

Hello,

We do not update the existing data set when you change the host domain, due to the API impact of having to check this every time the flows run. However new data collected going forward will respect the change.
To go back and change the existing data please see: #7164 (comment)

New new rows, these should be getting marked correctly.
Please go to the most recent run of Admin | Sync Template v4 (Connection Identities)

Do you see the string you entered in the Host Domains env var here?

Then here you should see the host domain list you put in that env var plus the host of the identity running the flow. Do you see that?

If the domain you are concerned about one not in this list?

[zellos13]

Hi,

As for the old con-ref, yes, I know that you don't update them. I am referring only to the newly created ones.

And yes - this flow runs every day successfully and yes I can see the domains in the list there and yes - the second action contains the domains list with the one from the trigger.

But I don't now what should be the outcome of this.

[Jenefer-Monroe]

Excused Host

Here is what you should see for users who's host is in the list but who's connection to that connector in that envt is not in the table. (You can go delete them from the table to test)

Once you have a repro, you can we what we do here. We see if that host is in the list, with this equation
@{if(contains(variables('HostDomainString'), toLower(last(split(items('Apply_to_each')['accountName'], '@')))), false, true)}

Things to check

• Do you have an unmanaged layer on the flow?
• If you have more than one domain listed in the env var, are they comma separated?
  myCo.onmicrosoft.com, partnerCo.onmicrosoft.com
• Does the user string that is after the @ sign match what you've put in the env var?
  

[Jenefer-Monroe]

closing out as no further action for starter kit team