Cross-tenant user search

“Which tenant is Sarah Smith in again?” — the answer in one search box instead of flipping through 50 tabs. Type a name, UPN fragment, or email and Manage365 fans out a Microsoft Graph $search to every active customer tenant at once.

How it works

1. You submit a query of at least 2 characters at /user-search.
2. The API loads every active customer tenant under your MSP and bucketizes them into a fan-out pool with 8 parallel workers.
3. Each worker issues a Graph /users?$search="displayName:q" OR "userPrincipalName:q" OR "mail:q" with ConsistencyLevel: eventual, capped at 5 results per tenant.
4. Per-tenant timeout is 5 seconds — one slow tenant can't stall the whole run.
5. Results are merged, capped at 150 total, sorted with enabled accounts first then alphabetical, and grouped by tenant in the UI.

Latency expectations

For a healthy portfolio of 50 tenants, 2–4 seconds end-to-end. 200 tenants: 4–8 seconds. Graph $search is the slow part — Manage365 is just the orchestrator.

Failed tenants

Tenants that fail (usually missing GDAP scope, sometimes transient Graph 5xx) are listed in a separate card below the results. The successful tenants' results are still returned. Check the failure list when a user you expect to find is missing — it's usually the tenant not granting User.Read.All to your GDAP role.

Permission

Requires users:read. All MSP-staff roles from L1 up have this by default.

What's not (yet) cached

Results are fetched live every search. No persistent cache — the next time you search the same name, Manage365 will fan out again. For MSPs running 500+ tenants this can get expensive; we'll add a cached user directory in a future release. Until then, the 30s in-memory TanStack Query cache means a back-button revisit is instant.