What is the app@sharepoint account?

Posted by

if you’re digging into Cloud App logs, Sentinel or even log analytics logs, probably you’ll realize that there are some activities done by an account named “app@sharepoint”.

Coming from the worlds of SharePoint OnPrem, my first reaction was… what is this? but then, I feel curious about that account and I started to dig in for some more detail. So you can follow the same steps as I did:

First, in your log analytics query, type the following:

So… what we can extract from this information? that app@sharepoint is an account used a service principal for SharePoint operations (and yes for teams, OneDrive as well).

Now, we have solved a little mistery and you can go on and whitelist the acoount if you think it’s necessary to not to make more noise in your logs

till next time!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s