Duplicate Events in IdentityLogonEvents table

Copper Contributor

We have been experiencing "duplicate" events in the IdentityLogonEvents Table since 2024-02-14.

 

The only difference i can see in the events are that the Application field in one event is "Active Directory" and in the other event it's "Microsoft Active Directory".

BrianAndersen_1-1708681429239.png

 

Also the ReportId fiels is different between the two, in the sense that the event with "Microsoft Active Directory" appends a string to the ReportId.

BrianAndersen_0-1708681391761.png

 

Is there a way to avoid this duplication of the events?

Or what is the reason for this?

 

Running Azure Advanced Threat Protection Sensor version 2.230.17681.9355.

1 Reply

The logs with Application name "Microsoft Active Directory" has disappeared from our IdentityLogonEvents table.

 

So we have no duplicate logs anymore.