Forum Discussion

KemalM's avatar
KemalM
Copper Contributor
May 07, 2020

Azure AD Sign-ins Logs

Hello,   When I look at Azure AD Sign-ins Logs, I see many different applications. Some of them are very clear, but not all. For example, what are    dev-rel-auth-prod AEO Frontend Production A...
Azure Active Directory (AAD)
JordyBlommaert's avatar
JordyBlommaert
Brass Contributor

Office 365 Shell WCSS-Client is the browser code that runs whenever a user navigates to (most) Office365 applications in the browser.  The shell, also known as the suite header, is shared code that loads as part of almost all Office365 workloads, including SharePoint, OneDrive, Outlook, Yammer, and many more

The other apps can be apps that are registered in Azure AD. For example developers that are creating Apps in connection with Azure AD. Therefore they need to create an app registration. If you go to Azure Active Directory -> App Registrations you get an overview of all registrations that are connected towards your Azure AD tenant.

KemalM's avatar
KemalM
Copper Contributor
May 12, 2020

JordyBlommaert Thank you for your reply and explanations for Office365 Shell WCSS-Client. However, I'm definitely disagree with other comment. I have applications in my sign-in logs like:

 

ACOM Azure Website

AEO Frontend Production

dev-rel-auth-prod

 

which are not listed in Applications list in the portal. There is also AIRS application which is only listed among applications, but there is no any other explanation. So, I am trying to learn what those applications are and what they are used for.

 

Thx,

 

 

  • JordyBlommaert's avatar
    JordyBlommaert
    Brass Contributor
    May 13, 2020
    Do you see those sign-in logs towards a lot of users? Or only specific users? I think it's not a generic application but a custom developed one.
    • KemalM's avatar
      KemalM
      Copper Contributor
      May 13, 2020

      JordyBlommaert, I see those logs from my own sign-in logs and I don't have and am not using any specific or home made application.

  • Jeff_Olive's avatar
    Jeff_Olive
    Copper Contributor
    Jun 26, 2020

    KemalM 

     

    I'm seeing unusual failed login attempts to the ACOM Azure Website application as well.  Was this question ever answered about what this application is?  I also don't see it in the Enterprise Applications listing.

    • dbernier's avatar
      dbernier
      Copper Contributor
      Jan 13, 2021

      Any update on this. Just came across a log saying I signed in using this Vortex app.

       

       

      • Jeff_Olive's avatar
        Jeff_Olive
        Copper Contributor
        Jan 13, 2021

        dbernier -

         

        These "suspicious" sign-ins to ACOM Azure Website were being generated by our users when they were going to standard websites like https://azure.microsoft.com and browsing general information but with silent logins their with accounts in our tenant.  Shared the finding with Premier and they were surprised but said there was nothing to be concerned with security-wise. 

         

Resources