Forum Discussion
msagrawal152360
Mar 06, 2024, Copper Contributor
Azure DevOps Service as ActorDisplayName in Sentinel Logs
Hello there, While creating alerts for group membership update using AzureDevOpsAuditing table in Sentinel, we observed logs for user addition/removal from certain groups where ActorDisplayName disp...
Clive_Watson
Mar 06, 2024, Bronze Contributor
Is one of the groups this one, in which case you can ignore?
https://learn.microsoft.com/en-us/azure/devops/organizations/audit/azure-devops-auditing?view=azure-devops&tabs=preview-page#q-what-is-the-directoryserviceaddmember-group-and-why-is-it-appearing-on-the-audit-log
Also if you use Entra (AAD) then please check: https://learn.microsoft.com/en-us/azure/devops/organizations/audit/azure-devops-auditing?view=azure-devops&tabs=preview-page#limitations
- msagrawal152360, Mar 06, 2024, Copper Contributor: Thank you for the revert, Clive_Watson. Yes, one of the groups is [Organization]\DirectoryServiceAddMember-XXXX-Group and the other group is [Organization]\Azure DevOps Licensed Users. As per the link you shared, the directory service group can be ignored. But what about the other one?
- Clive_Watson, Mar 06, 2024, Bronze Contributor: Sorry, that's where my knowledge ends... hopefully someone else can assist with that part.