About The Authorization Events in AppServiceAuditLogs
Published Nov 09 2022 05:54 PM
Microsoft

Customers may see authorization events under App Service -> Monitoring -> Logs -> AppServiceAuditLogs and be puzzled by these entries.


The Resource field value is the name of your App Service web app, and the User account on the KUDU line is '$' plus your app name.

The User account on the AAD line is 10032*****, a 16-digit number in total. This is the Net ID of your logged-in AAD account.

You can query the 'UserDisplayName' column to display the readable user account name for this Net ID.

 

What's that? 

These are the authentication and authorization events recorded when the Kudu site (the .scm site) is accessed from a web browser.

Refer to https://github.com/projectkudu/kudu/wiki/Accessing-the-kudu-service

When you access the SCM site, the SCM service requires authentication and authorization.

 

Authentication 

There are 2 authentication mechanisms.

  • Single sign-on. This is the default mechanism when accessing via a browser, and it is only available there. The user is authenticated via AAD login.
  • Basic Auth using deployment credentials. This is the default for non-browser clients such as curl. However, one can force this mode in a browser by appending basicauth, such as https://mysite.scm.azurewebsites.net/basicauth.
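To tell the two kinds of entries apart when reviewing the log, the query below groups authorization events by the account type described above. It is an added example, not part of the original post. The rows are constructed sample data, and the Protocol, UserAddress, OperationName and _ResourceId columns and their values are assumptions about the table layout; only User and UserDisplayName are named on this page.

```kusto
// Constructed sample rows shaped like AppServiceAuditLogs entries.
// In a Log Analytics workspace, drop the `let` statement and query
// AppServiceAuditLogs directly instead of SampleAuditLogs.
let SampleAuditLogs = datatable(
    TimeGenerated:datetime, OperationName:string, Protocol:string,
    User:string, UserDisplayName:string, UserAddress:string, _ResourceId:string)
[
    datetime(2022-11-06 06:40:00), "Authorization", "AAD",  "1003200000000001", "user@example.com", "203.0.113.10", "/subscriptions/<sub-id>/resourcegroups/<rg>/providers/microsoft.web/sites/mysite",
    datetime(2022-11-06 06:41:30), "Authorization", "AAD",  "1003200000000001", "user@example.com", "203.0.113.10", "/subscriptions/<sub-id>/resourcegroups/<rg>/providers/microsoft.web/sites/mysite",
    datetime(2022-11-06 07:05:12), "Authorization", "KUDU", "$mysite",          "",                 "198.51.100.7", "/subscriptions/<sub-id>/resourcegroups/<rg>/providers/microsoft.web/sites/mysite",
    datetime(2022-11-06 09:15:44), "Authorization", "KUDU", "$mysite",          "",                 "198.51.100.9", "/subscriptions/<sub-id>/resourcegroups/<rg>/providers/microsoft.web/sites/mysite"
];
SampleAuditLogs
| where OperationName == "Authorization"
// '$' + app name is the account shown on the KUDU line;
// a 16-character Net ID is the account shown on the AAD line.
// The page describes the Net ID as a 16-digit number; hex letters are
// also accepted here (assumption) so such IDs do not fall into "Other".
| extend AccountType = case(
    User startswith "$", "App account ('$' + app name)",
    User matches regex @"^[0-9A-Fa-f]{16}$", "AAD account (Net ID)",
    "Other")
// Prefer the readable name when the row carries one.
| extend Identity = iff(isnotempty(UserDisplayName), UserDisplayName, User)
| summarize Events = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            SourceAddresses = make_set(UserAddress)
    by _ResourceId, AccountType, Identity
| order by Events desc
```

Against the sample rows this returns one row for the AAD user and one for the `$mysite` account, each with its event count, time range and the set of source addresses seen.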

 

What Kind of User Operations Trigger Kudu Authorization Events?

      • Code publishing and package deployments, such as via Web Deploy, Local Git or GitHub, trigger access to the Kudu service, since Kudu is the deployment engine of App Service.
      • Directly accessing the Kudu site URL, e.g. going to https://mysite.scm.azurewebsites.net/ in a web browser, also triggers access to the Kudu service.
      • In addition, browsing the Azure Portal, for example to check the configuration of an App Service, also triggers access to the Kudu service.

For example, visiting Settings -> Web Jobs, Development Tools -> Extensions, API -> API management, or Process Explorer and Metrics under Monitoring in the Azure App Service Portal (https://ms.portal.azure.com/) triggers requests to the Kudu/SCM service. By default, these requests log in to Kudu with the user's AAD account.

 

Last update: Nov 09 2022 05:56 PM