Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Multiple logged on users showing Windows Defender Security Center's agent

Copper Contributor

Hello Team,

I am using the licensed Windows Defender Security Center.

While seeing a triggered alert one of machine, I saw a section -"Logged on users (last 30 days)"

Which is probably meaning that, "Num of users have logged in a machine".

ATP.png

I amazed when I saw this much number of user logged on a single host. As I asked to user but he replied as no, he is the only who is using to login.

Can anyone suggest, what to investigate in this case? and why this is showing much count?

**Full scan done already.

5 Replies

@Arpit3655 did you discover the cause?
We are seeing the same thing. Several (10+) network logins from users accounts that we cant explain. Happening on only a few of our machines.

My organization is also seeing this. Nothing in the documentation explains this.

@Arpit3655 @bartlettdn 
Bumping this. We deployed Azure ATA to suck in AD data for more visibility, however that didn't reveal an answer. 

@Arpit3655can you share what type of users you are seeing? I noticed this in a couple of machines but when you look at the list of users only one was human, and then I had system accounts listed - which kinda makes sense.

Hi there, apologies for resurrecting an old thread but did you ever figure out why this was happening? I'm investigating a similar issue myself with only a couple of machines, is it a bug in ATP?