Forum Discussion

TonyRedmond's avatar
Dec 16, 2016

The dreaded App@SharePoint user name problem

The ***blinking*** problem that causes "app@sharepoint" to show up in Delve as the author of documents appeared in November, went away in early December, and has now reappeared. What's going on?

18 Replies

  • Hemi610's avatar
    Hemi610
    Copper Contributor

    This is still an issue albeit not in Delve.  SharePoint/OneDrive Malware alerts all list mailto:app@SharePoint as the user who uploaded the malware.  Our security team are not SharePoint admins and so cannot grant themselves access to the sites, to discover the actual user who uploaded the problem files.  So, just figuring out who uploaded malicious files is an all-hands-on-deck affair when it should not be.  Why can't I just see who uploaded a file, from the Defender portal?

  • Ivan54's avatar
    Ivan54
    Bronze Contributor

    I've created a (regular) ticket in Office 365, and this is the response I got:

     

    The Account app@sharepoint is related to the SharePoint Applications (Auditing logs/Virus), it is a system account, belongs to the SharePoint Farms infrastructure, it was created to run on all Site Collections/Personal sites to collect auditing information. When the user provides some changes for his own Site Collection, or enables features or activates the site Auditing logs, his own account does not have the write permissions on the SharePoint Farm and this account it will be used to run and collect all the necessary information to be provided to the customer. Microsoft has set up a few security accounts to run in all Farms, in order for our customer to do some tasks, and get the required information. Also it is necessary for user security, for these accounts to always track the Site Collection searching for viruses that can be uploaded into SharePoint. Microsoft will not change that, all Farms have the same configuration and this same system account, and all Site Collections will use this account if they need to do it.

    What Activities Should the customer expect from this account?
    From the Customer side nothing will be expected, everything will be running normal, as should be, this account will not affect the Site Collection functionality or personal site, all the information on the Site Collection will be secure, and only the Site Owners and all people who have permissions to the site can see the information inside and share the same. This account can be visible if we create an auditing for our Site Collection or personal site. All private information is safe and, nothing will be collected, as we said before this account only gets information for auditing and looks for possible virus attack.

     

    Not in the slightest a helpful response *sigh* :(

    • Ivan54's avatar
      Ivan54
      Bronze Contributor

      no feedback yet from Microsoft Support.

    • Well, it is an answer, albeit a poor one. The problem is not that Microsoft has created accounts to take care of some background activity, which is perfectly acceptable and useful. The issue is that the Delve feels compelled to surface the existence of the dreaded app@sharepoint account. I have got to believe that it is within the wits of man and software engineering to filter out this activity...  Come on Microsoft, let's fix this lingering irritation!

      • Ivan54's avatar
        Ivan54
        Bronze Contributor

        I've tried to convey the issue again to Microsoft. 

        I hope the engineer properly understood the issue, and also the working scenario when searching in delve for the affected documents.

    • Ivan54's avatar
      Ivan54
      Bronze Contributor

      We're having the same issues.

  • Yngvar Mo's avatar
    Yngvar Mo
    Copper Contributor

    The same problem at our site.. Started appearing in Desember

     

     

    Regrads

    Yngvar

    • TonyRedmond's avatar
      TonyRedmond
      MVP

      I've also been talking to Mark. We discussed the issue after it first appeared, then I was told that all was well and a fix was in hand. Cue for sigh of relief... especially when the fix apparently appeared in production and Delve showed what it supposed to show. Then yesterday everything went wrong again... hence the commentary.

       

      I like Delve a lot but problems like this make me think that the development team doesn't use their own code for real work. If they did, they would surely have noticed and fixed the issue a long time ago...

Resources