Feb 23 2024 02:00 AM
We have been experiencing "duplicate" events in the IdentityLogonEvents Table since 2024-02-14.
The only difference I can see in the events is that the Application field in one event is "Active Directory" and in the other event it's "Microsoft Active Directory".
Also the ReportId field is different between the two, in the sense that the event with "Microsoft Active Directory" appends a string to the ReportId.
Is there a way to avoid this duplication of the events?
Or what is the reason for this?
Running Azure Advanced Threat Protection Sensor version 2.230.17681.9355.
Feb 26 2024 04:18 AM
The logs with Application name "Microsoft Active Directory" have disappeared from our IdentityLogonEvents table.
So we have no duplicate logs anymore.
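
One way to check a tenant for the pairs described in this thread, as an added advanced hunting query that is not part of either post: it groups IdentityLogonEvents rows that match on everything except Application and ReportId, and counts per day how many logons appear under both application names. It assumes the two copies carry the same Timestamp; the 30-day lookback and the set of grouping columns are choices made for this example.

```kusto
// Added example: constructed for this thread, not posted by the author.
// Assumption: both copies of a duplicated logon share the same Timestamp
// and differ only in Application and ReportId, as the first post describes.
let lookback = 30d;
let adApps = dynamic(["Active Directory", "Microsoft Active Directory"]);
IdentityLogonEvents
| where Timestamp > ago(lookback)
| where Application in (adApps)
// Collapse rows that agree on every field except Application and ReportId.
| summarize Applications = make_set(Application),
            ReportIds    = make_set(ReportId),
            Copies       = count()
    by Timestamp, ActionType, LogonType, Protocol, FailureReason,
       AccountUpn, AccountSid, DeviceName, IPAddress, DestinationDeviceName
// Keep only logons that were recorded under both application names.
| where array_length(Applications) == 2
// Per-day count shows when the duplication started and stopped.
| summarize DuplicatedLogons = count(),
            SampleReportIds  = take_any(ReportIds)
    by Day = bin(Timestamp, 1d)
| order by Day asc
```

An empty result over a period that contains logon events means no such pairs exist in that window. Detection rules that count rows in this table can apply the same grouping so that a duplicated logon is counted once.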