question

mgy-333 avatar image
0 Votes"
mgy-333 asked mgy-333 commented

AzureActivity's Caller fields shown as object-id ranther email.

Is it all the Object id caller is related to system action?

For example,
some MICROSOFT.AUTHORIZATION/ROLEASSIGNMENTS/WRITE log show caller is abc@gmail.com, but some of it show as 072c1c95-xxxx-xxxx-xxxx-d2f0bd3cf037.


azure-event-hubs
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

PRADEEPCHEEKATLA-MSFT avatar image
0 Votes"
PRADEEPCHEEKATLA-MSFT answered mgy-333 commented

Hello @mgy-333,

Welcome to the Microsoft Q&A platform.

Typically, a GUID means that it was an application or service principal that performed the option. The best way to do that lookup is to use the AAD powershell cmdlets, Get-AzureADObjectByObjectId. The reason is that sometimes it is a Service Principal, sometimes it is an application. By using the command to get object ID, you cover both types.

Hope this helps. Do let us know if you any further queries.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @PRADEEPCHEEKATLA-MSFT

Thanks for your answers. Is it any other way to lookup/correlate the GUIDs? For some situations, it doesn't have permission to lookup it using AAD PowerShell cmdlets.

0 Votes 0 ·