What is the app@sharepoint account?

if you’re digging into Cloud App logs, Sentinel or even log analytics logs, probably you’ll realize that there are some activities done by an account named “app@sharepoint”.

Coming from the worlds of SharePoint OnPrem, my first reaction was… what is this? but then, I feel curious about that account and I started to dig in for some more detail. So you can follow the same steps as I did:

First, in your log analytics query, type the following:

So… what we can extract from this information? that app@sharepoint is an account used a service principal for SharePoint operations (and yes for teams, OneDrive as well).

Now, we have solved a little mistery and you can go on and whitelist the acoount if you think it’s necessary to not to make more noise in your logs

till next time!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s