Forum Discussion
Azure AD Sign-ins Logs
Hello, When I look at Azure AD Sign-ins Logs, I see many different applications. Some of them are very clear, but not all. For example, what are dev-rel-auth-prod AEO Frontend Production A...
JordyBlommaert Would you or anybody know what the application "vortex [wsfed enabled]" is? It is not a registered application in our tenant. It has popped up for a couple of our users but they do not know what that is or what they did to cause that sign-in activity. All the other sign-in information is as expected (IP address, location, browser, OS)
Here is a sample entry from the Azure Active Directory Sign-In log:
Application: Vortex [wsfed enabled]
Resource: Windows Azure Active Directory
IP address: xx.xxx.xxx.xx
Location: xxxxxx, xx US
Status: Interrupted
Sign-in error code: 16000
Failure reason: Other
Client app: Unknown
Device ID:
Browser: Chrome 81.0.4044
Operating System: Windows 10
Join Type:
MFA result:
Token issuer type: Azure AD
Conditional access: Not Applied
Multiple timestamps very close together.
2020-05-02T01:38:39.466094Z
2020-05-02T01:38:11.9168794Z
2020-05-02T01:38:11.622332Z
2020-05-02T01:38:10.9504493Z
2020-05-02T01:38:09.696237Z
2020-05-02T01:37:30.4821975Z
2020-05-02T01:37:30.247593Z
2020-05-02T01:37:29.7603399Z
2020-05-02T01:38:11.9168794Z
2020-05-02T01:38:11.622332Z
2020-05-02T01:38:10.9504493Z
2020-05-02T01:38:09.696237Z
2020-05-02T01:37:30.4821975Z
2020-05-02T01:37:30.247593Z
2020-05-02T01:37:29.7603399Z
All other information was the same for each timestamp.
Betty Stolwyk Microsoft reported this as an internal error code and can be ignored. Reference Article https://github.com/MicrosoftDocs/azure-docs/issues/10766
