Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

TargetUserOrGroupType and TargetUserOrGroupName missing in OfficeActivity Schema

Brass Contributor

I noticed that the following are missing from the schema in OfficeActivity logs:

  • TargetUserOrGroupType: Identifies whether the target user or group is a Member, Guest, SharePointGroup, SecurityGroup, or Partner.

  • TargetUserOrGroupName: Stores the UPN or name of the target user or group that a resource was shared with (User B in the previous example).

This is key information to determine whether information was shared with a Guest identity or a Member identity. 

 

The only thing I found regarding this issue was a feedback post from September: https://feedback.azure.com/forums/920458-azure-sentinel/suggestions/38501344-add-targetuser-and-targ...

 

Is this going to be added in the near future? Or is there a possible work around to get this information into a query?

 

Th

2 Replies

@leoszalkowski : thanks for the input, we will look into that.

 

~ Ofer

@Ofer_Shezaf Great! Thank you. Please let me know if/when there will be a solution for this.